diff --git a/go.mod b/go.mod
index 6ca94879ce..ebaf756c12 100644
--- a/go.mod
+++ b/go.mod
@@ -7,13 +7,13 @@ require (
 github.com/Masterminds/sprig v2.22.0+incompatible
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
- github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac
+ github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21
 github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
- github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1
+ github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d
 github.com/caarlos0/env/v6 v6.0.0
 github.com/cenkalti/backoff v2.2.1+incompatible
 github.com/cheggaaa/pb/v3 v3.0.3
@@ -33,7 +33,7 @@ require (
 github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
 github.com/mitchellh/copystructure v1.1.1 // indirect
 github.com/olekukonko/tablewriter v0.0.5
- github.com/open-policy-agent/opa v0.36.0
+ github.com/open-policy-agent/opa v0.36.1
 github.com/owenrumney/go-sarif/v2 v2.0.17
 github.com/spf13/afero v1.6.0
 github.com/stretchr/objx v0.3.0 // indirect
@@ -41,7 +41,7 @@ require (
 github.com/testcontainers/testcontainers-go v0.11.1
 github.com/twitchtv/twirp v8.1.0+incompatible
 github.com/urfave/cli/v2 v2.3.0
- go.uber.org/zap v1.19.1
+ go.uber.org/zap v1.20.0
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 google.golang.org/protobuf v1.27.1
 gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
diff --git a/go.sum b/go.sum
index d48672b3aa..fbfc6d6a68 100644
--- a/go.sum
+++ b/go.sum
@@ -79,6 +79,8 @@ github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v61.2.0+incompatible h1:sSormXkfW0ov1vh6ihTBRQxdfg73fPqkccl50GbR9iM= +github.com/Azure/azure-sdk-for-go v61.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= 
@@ -87,28 +89,41 @@ github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW github.com/Azure/go-autorest v10.15.5+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0= github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= +github.com/Azure/go-autorest/autorest v0.11.24 h1:1fIGgHKqVm54KIPT+q8Zmd1QlVsmHqeUGso5qm2BqqE= +github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal 
v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.2 h1:R1pgoZkhXuv4+0ky9r3e5pcnRXWcXGIuPXpC/xkc7uI= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk= github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.1 h1:jwcD1wURu0+hKceV04MubZmKLzwEYOCz6q4aOtVZ+Ng= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= 
+github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= 
@@ -116,11 +131,15 @@ github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQ github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= +github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= 
@@ -224,8 +243,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U= github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA= github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM= -github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac h1:S1I4lTa44zqA7OUmuZUQdIh8k2H75P6LVhyR3nsuAFA= -github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac/go.mod h1:ACYDJQPZtSl8Hxqf/CmZEbnX2X5CHHccrfjAyyUvbME= +github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21 h1:7nx6j3boy7oawbPvkp2Vma9OvovZWIGvzJw80w1e71E= +github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ= github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4= github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= 
@@ -241,8 +260,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM= github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64= github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc= -github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1 h1:mOaPyX+hVglWFk8TbLA7q01GnqVcf6yPusaQaWnDNjE= -github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1/go.mod h1:rnojVJTK+RySsfLW7xMqmQRSjQpm5fEjS+/N4kf3fcc= +github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d h1:vwK774PmorLkSsL/K4WUa9Y9Tn/5Ksmolv8UGHh0Wjc= +github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 
@@ -505,6 +524,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/cli v0.0.0-20190925022749-754388324470/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= @@ -710,8 +730,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= 
@@ -1252,8 +1273,8 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v0.36.0 h1:aNStYrrA8yC74g6ir33EExOUVexWFwfqg9dWjNfw87I= -github.com/open-policy-agent/opa v0.36.0/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM= +github.com/open-policy-agent/opa v0.36.1 h1:FkopbI3Rlor1nAvu78hgbdOLZyRd4vPepeMY4Tcm1Hc= +github.com/open-policy-agent/opa v0.36.1/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1675,7 +1696,7 @@ go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= 
@@ -1688,8 +1709,8 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= +go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc= +go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4= 
@@ -1722,8 +1743,10 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI= +golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -1838,9 +1861,11 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -2005,8 +2030,9 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827 h1:A0Qkn7Z/n8zC1xd9LTw17AiKlBRK64tw3ejWQiEqca0= golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M= diff --git a/integration/client_server_test.go b/integration/client_server_test.go index 406155f4b5..3ca4bfceb8 100644 --- a/integration/client_server_test.go +++ b/integration/client_server_test.go 
@@ -102,45 +102,44 @@ func TestClientServer(t *testing.T) {
 },
 golden: "testdata/ubuntu-1804.json.golden",
 },
- // TODO :fix them after support for Red Hat OVALv2
- //{
- // name: "centos 7 integration",
- // args: csArgs{
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7.json.golden",
- //},
- //{
- // name: "centos 7 integration with --ignore-unfixed option",
- // args: csArgs{
- // IgnoreUnfixed: true,
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7-ignore-unfixed.json.golden",
- //},
- //{
- // name: "centos 7 integration with low and high severity",
- // args: csArgs{
- // IgnoreUnfixed: true,
- // Severity: []string{"LOW", "HIGH"},
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7-low-high.json.golden",
- //},
- //{
- // name: "centos 6 integration",
- // args: csArgs{
- // Input: "testdata/fixtures/images/centos-6.tar.gz",
- // },
- // golden: "testdata/centos-6.json.golden",
- //},
- //{
- // name: "ubi 7 integration",
- // args: csArgs{
- // Input: "testdata/fixtures/images/ubi-7.tar.gz",
- // },
- // golden: "testdata/ubi-7.json.golden",
- //},
+ {
+ name: "centos 7",
+ args: csArgs{
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7.json.golden",
+ },
+ {
+ name: "centos 7 with --ignore-unfixed option",
+ args: csArgs{
+ IgnoreUnfixed: true,
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7-ignore-unfixed.json.golden",
+ },
+ {
+ name: "centos 7 with medium severity",
+ args: csArgs{
+ IgnoreUnfixed: true,
+ Severity: []string{"MEDIUM"},
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7-medium.json.golden",
+ },
+ {
+ name: "centos 6",
+ args: csArgs{
+ Input: "testdata/fixtures/images/centos-6.tar.gz",
+ },
+ golden: "testdata/centos-6.json.golden",
+ },
+ {
+ name: "ubi 7",
+ args: csArgs{
+ Input: "testdata/fixtures/images/ubi-7.tar.gz",
+ },
+ golden: "testdata/ubi-7.json.golden",
+ },
 {
 name: "almalinux 8",
 args: csArgs{
diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
index 41be1cf432..978e008769 100644
--- a/integration/docker_engine_test.go
+++ b/integration/docker_engine_test.go
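Review bot: In the integration/client_server_test.go hunk, the re-enabled case `centos 7 with medium severity` also sets `IgnoreUnfixed: true`, so its name understates what `testdata/centos-7-medium.json.golden` pins; someone reading a failure would assume unfixed findings are part of the expected report. Renaming it to `name: "centos 7 with --ignore-unfixed option and medium severity",` would line up with the equivalent case in integration/docker_engine_test.go, and the identically named case in integration/standalone_tar_test.go needs the same change. The replaced, commented-out case filtered on `"LOW", "HIGH"`, so none of these re-enabled CentOS cases passes more than one severity; if multi-value filtering for Red Hat advisories matters, it presumably needs its own case. The test table and the body of TestClientServer continue outside the hunk.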
@@ -21,173 +21,172 @@ import ( func TestDockerEngine(t *testing.T) { tests := []struct { - name string - imageTag string - invalidImage bool - ignoreUnfixed bool - severity []string - ignoreIDs []string - testfile string - wantOutputFile string - wantError string + name string + imageTag string + invalidImage bool + ignoreUnfixed bool + severity []string + ignoreIDs []string + input string + golden string + wantErr string }{ { - name: "alpine:3.9", - imageTag: "alpine:3.9", - wantOutputFile: "testdata/alpine-39.json.golden", - testfile: "testdata/fixtures/images/alpine-39.tar.gz", + name: "alpine:3.9", + imageTag: "alpine:3.9", + input: "testdata/fixtures/images/alpine-39.tar.gz", + golden: "testdata/alpine-39.json.golden", }, { - name: "alpine:3.9, with high and critical severity", - severity: []string{"HIGH", "CRITICAL"}, - imageTag: "alpine:3.9", - wantOutputFile: "testdata/alpine-39-high-critical.json.golden", - testfile: "testdata/fixtures/images/alpine-39.tar.gz", + name: "alpine:3.9, with high and critical severity", + severity: []string{"HIGH", "CRITICAL"}, + imageTag: "alpine:3.9", + input: "testdata/fixtures/images/alpine-39.tar.gz", + golden: "testdata/alpine-39-high-critical.json.golden", }, { - name: "alpine:3.9, with .trivyignore", - imageTag: "alpine:3.9", - ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-14697"}, - wantOutputFile: "testdata/alpine-39-ignore-cveids.json.golden", - testfile: "testdata/fixtures/images/alpine-39.tar.gz", + name: "alpine:3.9, with .trivyignore", + imageTag: "alpine:3.9", + ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-14697"}, + input: "testdata/fixtures/images/alpine-39.tar.gz", + golden: "testdata/alpine-39-ignore-cveids.json.golden", }, { - name: "alpine:3.10", - imageTag: "alpine:3.10", - wantOutputFile: "testdata/alpine-310.json.golden", - testfile: "testdata/fixtures/images/alpine-310.tar.gz", + name: "alpine:3.10", + imageTag: "alpine:3.10", + input: "testdata/fixtures/images/alpine-310.tar.gz", + golden: 
"testdata/alpine-310.json.golden", }, { - name: "amazonlinux:1", - imageTag: "amazonlinux:1", - wantOutputFile: "testdata/amazon-1.json.golden", - testfile: "testdata/fixtures/images/amazon-1.tar.gz", + name: "amazonlinux:1", + imageTag: "amazonlinux:1", + input: "testdata/fixtures/images/amazon-1.tar.gz", + golden: "testdata/amazon-1.json.golden", }, { - name: "amazonlinux:2", - imageTag: "amazonlinux:2", - wantOutputFile: "testdata/amazon-2.json.golden", - testfile: "testdata/fixtures/images/amazon-2.tar.gz", - }, - // TODO: fix them - //{ - // name: "happy path, valid image path, centos:6", - // imageTag: "centos:6", - // wantOutputFile: "testdata/centos-6.json.golden", - // testfile: "testdata/fixtures/images/centos-6.tar.gz", - //}, - //{ - // name: "happy path, valid image path, centos:7", - // imageTag: "centos:7", - // wantOutputFile: "testdata/centos-7.json.golden", - // testfile: "testdata/fixtures/images/centos-7.tar.gz", - //}, - //{ - // name: "happy path, valid image path, centos:7, with --ignore-unfixed option", - // imageTag: "centos:7", - // ignoreUnfixed: true, - // wantOutputFile: "testdata/centos-7-ignore-unfixed.json.golden", - // testfile: "testdata/fixtures/images/centos-7.tar.gz", - //}, - //{ - // name: "happy path, valid image path, centos:7, with --ignore-unfixed option, with low and high severity", - // imageTag: "centos:7", - // ignoreUnfixed: true, - // severity: []string{"LOW", "HIGH"}, - // wantOutputFile: "testdata/centos-7-low-high.json.golden", - // testfile: "testdata/fixtures/images/centos-7.tar.gz", - //}, - //{ - // name: "happy path, valid image path, registry.redhat.io/ubi7", - // imageTag: "registry.redhat.io/ubi7", - // wantOutputFile: "testdata/ubi-7.json.golden", - // testfile: "testdata/fixtures/images/ubi-7.tar.gz", - //}, - { - name: "almalinux 8", - imageTag: "almalinux:8", - wantOutputFile: "testdata/almalinux-8.json.golden", - testfile: "testdata/fixtures/images/almalinux-8.tar.gz", + name: "amazonlinux:2", + 
imageTag: "amazonlinux:2", + input: "testdata/fixtures/images/amazon-2.tar.gz", + golden: "testdata/amazon-2.json.golden", }, { - name: "rocky linux 8", - imageTag: "rockylinux:8", - testfile: "testdata/fixtures/images/rockylinux-8.tar.gz", - wantOutputFile: "testdata/rockylinux-8.json.golden", + name: "almalinux 8", + imageTag: "almalinux:8", + input: "testdata/fixtures/images/almalinux-8.tar.gz", + golden: "testdata/almalinux-8.json.golden", }, { - name: "debian buster/10", - imageTag: "debian:buster", - wantOutputFile: "testdata/debian-buster.json.golden", - testfile: "testdata/fixtures/images/debian-buster.tar.gz", + name: "rocky linux 8", + imageTag: "rockylinux:8", + input: "testdata/fixtures/images/rockylinux-8.tar.gz", + golden: "testdata/rockylinux-8.json.golden", }, { - name: "debian buster/10, with --ignore-unfixed option", - ignoreUnfixed: true, - imageTag: "debian:buster", - wantOutputFile: "testdata/debian-buster-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/debian-buster.tar.gz", + name: "centos 6", + imageTag: "centos:6", + input: "testdata/fixtures/images/centos-6.tar.gz", + golden: "testdata/centos-6.json.golden", }, { - name: "debian stretch/9", - imageTag: "debian:stretch", - wantOutputFile: "testdata/debian-stretch.json.golden", - testfile: "testdata/fixtures/images/debian-stretch.tar.gz", + name: "centos 7", + imageTag: "centos:7", + input: "testdata/fixtures/images/centos-7.tar.gz", + golden: "testdata/centos-7.json.golden", }, { - name: "distroless base", - imageTag: "gcr.io/distroless/base:latest", - wantOutputFile: "testdata/distroless-base.json.golden", - testfile: "testdata/fixtures/images/distroless-base.tar.gz", + name: "centos 7, with --ignore-unfixed option", + imageTag: "centos:7", + ignoreUnfixed: true, + input: "testdata/fixtures/images/centos-7.tar.gz", + golden: "testdata/centos-7-ignore-unfixed.json.golden", }, { - name: "distroless python2.7", - imageTag: "gcr.io/distroless/python2.7:latest", - 
wantOutputFile: "testdata/distroless-python27.json.golden", - testfile: "testdata/fixtures/images/distroless-python27.tar.gz", + name: "centos 7, with --ignore-unfixed option, with medium severity", + imageTag: "centos:7", + ignoreUnfixed: true, + severity: []string{"MEDIUM"}, + input: "testdata/fixtures/images/centos-7.tar.gz", + golden: "testdata/centos-7-medium.json.golden", }, { - name: "oracle linux 8", - imageTag: "oraclelinux:8-slim", - wantOutputFile: "testdata/oraclelinux-8-slim.json.golden", - testfile: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", + name: "registry.redhat.io/ubi7", + imageTag: "registry.redhat.io/ubi7", + input: "testdata/fixtures/images/ubi-7.tar.gz", + golden: "testdata/ubi-7.json.golden", }, { - name: "ubuntu 18.04", - imageTag: "ubuntu:18.04", - wantOutputFile: "testdata/ubuntu-1804.json.golden", - testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", + name: "debian buster/10", + imageTag: "debian:buster", + input: "testdata/fixtures/images/debian-buster.tar.gz", + golden: "testdata/debian-buster.json.golden", }, { - name: "ubuntu 18.04, with --ignore-unfixed option", - imageTag: "ubuntu:18.04", - ignoreUnfixed: true, - wantOutputFile: "testdata/ubuntu-1804-ignore-unfixed.json.golden", - testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz", + name: "debian buster/10, with --ignore-unfixed option", + ignoreUnfixed: true, + imageTag: "debian:buster", + input: "testdata/fixtures/images/debian-buster.tar.gz", + golden: "testdata/debian-buster-ignore-unfixed.json.golden", }, { - name: "happy path, valid image path, opensuse leap 15.1", - imageTag: "opensuse/leap:latest", - wantOutputFile: "testdata/opensuse-leap-151.json.golden", - testfile: "testdata/fixtures/images/opensuse-leap-151.tar.gz", + name: "debian stretch/9", + imageTag: "debian:stretch", + input: "testdata/fixtures/images/debian-stretch.tar.gz", + golden: "testdata/debian-stretch.json.golden", }, { - name: "happy path, valid image path, photon 3.0", - imageTag: 
"photon:3.0-20190823", - wantOutputFile: "testdata/photon-30.json.golden", - testfile: "testdata/fixtures/images/photon-30.tar.gz", + name: "distroless base", + imageTag: "gcr.io/distroless/base:latest", + input: "testdata/fixtures/images/distroless-base.tar.gz", + golden: "testdata/distroless-base.json.golden", }, { - name: "buxybox with Cargo.lock", - imageTag: "busy-cargo:latest", - wantOutputFile: "testdata/busybox-with-lockfile.json.golden", - testfile: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", + name: "distroless python2.7", + imageTag: "gcr.io/distroless/python2.7:latest", + input: "testdata/fixtures/images/distroless-python27.tar.gz", + golden: "testdata/distroless-python27.json.golden", + }, + { + name: "oracle linux 8", + imageTag: "oraclelinux:8-slim", + input: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz", + golden: "testdata/oraclelinux-8-slim.json.golden", + }, + { + name: "ubuntu 18.04", + imageTag: "ubuntu:18.04", + input: "testdata/fixtures/images/ubuntu-1804.tar.gz", + golden: "testdata/ubuntu-1804.json.golden", + }, + { + name: "ubuntu 18.04, with --ignore-unfixed option", + imageTag: "ubuntu:18.04", + ignoreUnfixed: true, + input: "testdata/fixtures/images/ubuntu-1804.tar.gz", + golden: "testdata/ubuntu-1804-ignore-unfixed.json.golden", + }, + { + name: "opensuse leap 15.1", + imageTag: "opensuse/leap:latest", + input: "testdata/fixtures/images/opensuse-leap-151.tar.gz", + golden: "testdata/opensuse-leap-151.json.golden", + }, + { + name: "photon 3.0", + imageTag: "photon:3.0-20190823", + input: "testdata/fixtures/images/photon-30.tar.gz", + golden: "testdata/photon-30.json.golden", + }, + { + name: "busybox with Cargo.lock", + imageTag: "busy-cargo:latest", + input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz", + golden: "testdata/busybox-with-lockfile.json.golden", }, { name: "sad path, invalid image", invalidImage: true, - testfile: "badimage:latest", - wantError: "unable to inspect the image 
(index.docker.io/library/badimage:latest)", + input: "badimage:latest", + wantErr: "unable to inspect the image (index.docker.io/library/badimage:latest)", }, } @@ -203,11 +202,11 @@ func TestDockerEngine(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if !tt.invalidImage { - testfile, err := os.Open(tt.testfile) + testfile, err := os.Open(tt.input) require.NoError(t, err, tt.name) // ensure image doesnt already exists - _, _ = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{ + _, _ = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{ Force: true, PruneChildren: true, }) @@ -218,7 +217,7 @@ func TestDockerEngine(t *testing.T) { io.Copy(io.Discard, res.Body) // tag our image to something unique - err = cli.ImageTag(ctx, tt.imageTag, tt.testfile) + err = cli.ImageTag(ctx, tt.imageTag, tt.input) require.NoError(t, err, tt.name) } @@ -244,22 +243,22 @@ func TestDockerEngine(t *testing.T) { assert.NoError(t, err, "failed to write .trivyignore") defer os.Remove(trivyIgnore) } - trivyArgs = append(trivyArgs, tt.testfile) + trivyArgs = append(trivyArgs, tt.input) err = app.Run(trivyArgs) - if tt.wantError != "" { + if tt.wantErr != "" { require.NotNil(t, err) - assert.Contains(t, err.Error(), tt.wantError, tt.name) + assert.Contains(t, err.Error(), tt.wantErr, tt.name) return } assert.NoError(t, err, tt.name) // check for vulnerability output info - compareReports(t, tt.wantOutputFile, output) + compareReports(t, tt.golden, output) // cleanup - _, err = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{ + _, err = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{ Force: true, PruneChildren: true, }) diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go index f816b57e70..5b1b67364b 100644 --- a/integration/standalone_tar_test.go +++ b/integration/standalone_tar_test.go 
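Review bot: The renamed `input` field in the TestDockerEngine table is undocumented and carries two meanings: it is the tarball path given to `os.Open(tt.input)`, and it is also the image reference used in `cli.ImageTag(ctx, tt.imageTag, tt.input)`, in both `cli.ImageRemove` calls and as the last trivy argument. In the sad-path case it is `badimage:latest`, which is not a file at all. A field comment such as `input string // image tarball path; reused as the local image reference that is tagged, scanned and removed` would make this explicit, and `golden` and `wantErr` could get one-line comments in the same style. The later hunks at -203, -218 and -244 only follow the rename; the body of TestDockerEngine extends beyond them.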
@@ -124,55 +124,49 @@ func TestTar(t *testing.T) {
 },
 golden: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
 },
- // TODO: it will be fixed after support for Red Hat OVALv2
- //{
- // name: "centos 7 integration",
- // testArgs: args{
- // Version: "dev",
- // Format: "json",
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7.json.golden",
- //},
- //{
- // name: "centos 7 integration with --ignore-unfixed option",
- // testArgs: args{
- // Version: "dev",
- // IgnoreUnfixed: true,
- // Format: "json",
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7-ignore-unfixed.json.golden",
- //},
- //{
- // name: "centos 7 integration with low and high severity",
- // testArgs: args{
- // Version: "dev",
- // IgnoreUnfixed: true,
- // Severity: []string{"LOW", "HIGH"},
- // Format: "json",
- // Input: "testdata/fixtures/images/centos-7.tar.gz",
- // },
- // golden: "testdata/centos-7-low-high.json.golden",
- //},
- //{
- // name: "centos 6 integration",
- // testArgs: args{
- // Version: "dev",
- // Format: "json",
- // Input: "testdata/fixtures/images/centos-6.tar.gz",
- // },
- // golden: "testdata/centos-6.json.golden",
- //},
- //{
- // name: "ubi 7 integration",
- // testArgs: args{
- // Version: "dev",
- // Format: "json",
- // Input: "testdata/fixtures/images/ubi-7.tar.gz",
- // },
- // golden: "testdata/ubi-7.json.golden",
- //},
+ {
+ name: "centos 7",
+ testArgs: args{
+ Format: "json",
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7.json.golden",
+ },
+ {
+ name: "centos 7with --ignore-unfixed option",
+ testArgs: args{
+ IgnoreUnfixed: true,
+ Format: "json",
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7-ignore-unfixed.json.golden",
+ },
+ {
+ name: "centos 7 with medium severity",
+ testArgs: args{
+ IgnoreUnfixed: true,
+ Severity: []string{"MEDIUM"},
+ Format: "json",
+ Input: "testdata/fixtures/images/centos-7.tar.gz",
+ },
+ golden: "testdata/centos-7-medium.json.golden",
+ },
+ {
+ name: "centos 6",
+ testArgs: args{
+ Format: "json",
+ Input: "testdata/fixtures/images/centos-6.tar.gz",
+ },
+ golden: "testdata/centos-6.json.golden",
+ },
+ {
+ name: "ubi 7",
+ testArgs: args{
+ Format: "json",
+ Input: "testdata/fixtures/images/ubi-7.tar.gz",
+ },
+ golden: "testdata/ubi-7.json.golden",
+ },
 {
 name: "almalinux 8",
 testArgs: args{
diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden
index 40b1b6e527..80d89ff3fd 100644
--- a/integration/testdata/centos-6.json.golden
+++ b/integration/testdata/centos-6.json.golden
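Review bot: The second re-enabled case in the TestTar hunk is named `"centos 7with --ignore-unfixed option"`, with the space after `7` missing; it should read `name: "centos 7 with --ignore-unfixed option",` to match its siblings and stay easy to find in test output. The `"centos 7 with medium severity"` case also sets `IgnoreUnfixed: true`, which its name does not say. Because the golden file pins exactly which findings the scanner reports for this image, a name that mentions both filters, or a short comment such as `// unfixed vulnerabilities are filtered out as well`, would make a golden mismatch quicker to triage. The test table and the body of TestTar continue outside the hunk.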
@@ -76,23796 +76,49 @@ "Type": "centos", "Vulnerabilities": [ { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.4.5-6.el6", + "VulnerabilityID": "CVE-2020-29573", + "PkgName": "glibc", + "InstalledVersion": "2.12-1.212.el6", "Layer": { "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" }, "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.1.2-48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. 
Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0414", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", - "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", - "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - 
"http://secunia.com/advisories/43439", - "http://secunia.com/advisories/43443", - "http://www.debian.org/security/2011/dsa-2208", - "http://www.isc.org/software/bind/advisories/cve-2011-0414", - "http://www.kb.cert.org/vuls/id/449980", - "http://www.kb.cert.org/vuls/id/559980", - "http://www.securitytracker.com/id?1025110", - "http://www.ubuntu.com/usn/USN-1070-1", - "http://www.vupen.com/english/advisories/2011/0466", - "http://www.vupen.com/english/advisories/2011/0489", - "https://bugzilla.redhat.com/show_bug.cgi?id=679496", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" - ], - "PublishedDate": "2011-02-23T19:00:00Z", - "LastModifiedDate": "2018-10-30T16:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-6170", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-libs", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "FixedVersion": "32:9.8.2-0.68.rc1.el6_10.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0414", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0414", - "Title": "bind: named lockup with IXFR or DDNS update and a high query rate", - "Description": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://secunia.com/advisories/43439", - "http://secunia.com/advisories/43443", - 
"http://www.debian.org/security/2011/dsa-2208", - "http://www.isc.org/software/bind/advisories/cve-2011-0414", - "http://www.kb.cert.org/vuls/id/449980", - "http://www.kb.cert.org/vuls/id/559980", - "http://www.securitytracker.com/id?1025110", - "http://www.ubuntu.com/usn/USN-1070-1", - "http://www.vupen.com/english/advisories/2011/0466", - "http://www.vupen.com/english/advisories/2011/0489", - "https://bugzilla.redhat.com/show_bug.cgi?id=679496", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414" - ], - "PublishedDate": "2011-02-23T19:00:00Z", - "LastModifiedDate": "2018-10-30T16:26:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-6170", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - "https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - 
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-utils", - "InstalledVersion": "32:9.8.2-0.68.rc1.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2012-3509", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-3509", - "Title": "libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary", - "Description": "Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the \"addition of CHUNK_HEADER_SIZE to the length,\" which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411", - "http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html", - 
"http://security-tracker.debian.org/tracker/CVE-2012-3509", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2012/08/29/3", - "http://www.securityfocus.com/bid/55281", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/78135", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2012-09-05T23:55:00Z", - "LastModifiedDate": "2017-08-29T01:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8484", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8484", - "Title": "binutils: invalid read flaw in libbfd", - "Description": "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8484.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://openwall.com/lists/oss-security/2014/10/23/4", - "http://openwall.com/lists/oss-security/2014/10/23/5", - "http://openwall.com/lists/oss-security/2014/10/26/2", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26", - "http://www.openwall.com/lists/oss-security/2014/10/26/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70714", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1156272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17509", - "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8485", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8485", - "Title": "binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()", - "Description": "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html", - "http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html", - "http://linux.oracle.com/cve/CVE-2014-8485.html", - 
"http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26", - "http://www.openwall.com/lists/oss-security/2014/10/26/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70741", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1157276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=493a33860c71cac998f1a56d6d87d6faa801fbaa", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8737", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8737", - "Title": "binutils: directory traversal vulnerability", - "Description": "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. 
(dot dot) or full path name in an archive to ar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8737.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/11/13/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70908", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162655", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17552", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": 
"binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. 
This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - 
}, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8501", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8501", - "Title": "binutils: out-of-bounds write when parsing specially crafted PE executable", - "Description": "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a 
denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8501.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/26/3", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70866", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162570", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e", - "https://usn.ubuntu.com/usn/usn-2496-1", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": 
"2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8502", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8502", - "Title": "binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)", - "Description": "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8502.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70869", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162594", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8503", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8503", - "Title": "binutils: stack overflow in objdump when parsing specially crafted ihex file", - "Description": "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8503.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/70868", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162607", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17512", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8504", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8504", - "Title": "binutils: stack overflow in the SREC parser", - "Description": "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8504.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://openwall.com/lists/oss-security/2014/10/27/4", - "http://openwall.com/lists/oss-security/2014/10/27/5", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/10/27/4", - "http://www.openwall.com/lists/oss-security/2014/10/27/5", - "http://www.openwall.com/lists/oss-security/2014/10/31", - "http://www.openwall.com/lists/oss-security/2014/10/31/1", - "http://www.securityfocus.com/bid/70761", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1162621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - "PublishedDate": "2014-12-09T23:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8738", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8738", - "Title": "binutils: out of bounds memory write", - "Description": "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8738.html", - "http://linux.oracle.com/errata/ELSA-2015-2079.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html", - "http://secunia.com/advisories/62241", - "http://secunia.com/advisories/62746", - "http://www.debian.org/security/2015/dsa-3123", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029", - "http://www.openwall.com/lists/oss-security/2014/11/02/4", - "http://www.openwall.com/lists/oss-security/2014/11/05/7", - "http://www.openwall.com/lists/oss-security/2014/11/13/2", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/71083", - "http://www.ubuntu.com/usn/USN-2496-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738", - "https://security.gentoo.org/glsa/201612-24", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17533", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f", - "https://usn.ubuntu.com/usn/usn-2496-1" - ], - 
"PublishedDate": "2015-01-15T15:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 
4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - 
], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": 
"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" 
- }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in 
_bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and 
earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - 
"Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": "binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The 
elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes 
function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - 
"V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - 
"Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - 
"Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU 
Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in 
find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. 
NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 
7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based 
buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation 
and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section 
function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, 
- "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption 
made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 
2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": 
"2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - 
"VulnerabilityID": "CVE-2017-9743", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in 
GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a 
crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - 
"https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": "binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during 
\"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - 
"Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 
7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10373", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10373", - "Title": "binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file", - "Description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by 
nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-10373.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104000", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23065" - ], - "PublishedDate": "2018-04-25T09:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10535", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10535", - "Title": "binutils: NULL pointer dereference in elf.c", - "Description": "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 
- } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-10535.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104021", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23113" - ], - "PublishedDate": "2018-04-29T15:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-13033", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-13033", - "Title": "binutils: Uncontrolled Resource Consumption in execution of nm", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a 
crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-13033.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://www.securityfocus.com/bid/104584", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" - ], - "PublishedDate": "2018-07-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19931", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19931", - "Title": "binutils: Heap-based buffer overflow in bfd_elf32_swap_phdr_in function resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23942", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in 
opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7208", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7208", - "Title": "binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file", - "Description": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7208.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103077", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22741" - ], - "PublishedDate": "2018-02-18T04:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7568", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7568", - "Title": "binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library", - "Description": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7568.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - 
"https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22894" - ], - "PublishedDate": "2018-02-28T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7569", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7569", - "Title": "binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-191" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7569.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22895" - ], - "PublishedDate": 
"2018-02-28T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7642", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7642", - "Title": "binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash", - "Description": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7642.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22887", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25" - ], - "PublishedDate": "2018-03-02T15:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-7643", - "PkgName": "binutils", - 
"InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-7643", - "Title": "binutils: Integer overflow in the display_debug_ranges function resulting in crash", - "Description": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-7643.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103264", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22905" - ], - "PublishedDate": "2018-03-02T15:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8945", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8945", - "Title": "binutils: Crash in 
elf.c:bfd_section_from_shdr() with crafted executable", - "Description": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-8945.html", - "http://linux.oracle.com/errata/ELSA-2018-3032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22809" - ], - "PublishedDate": "2018-03-22T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9070", - "PkgName": "binutils", - "InstalledVersion": "2.20.51.0.2-5.48.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9070", - "Title": "binutils: heap-based buffer over-read in function d_expression_1 in cp-demangle.c", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.9 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", - "https://support.f5.com/csp/article/K13534168" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2", - "InstalledVersion": "1.0.5-7.el6_0", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.5-7.el6_0", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - 
"CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - 
"http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1865", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", - "Title": "coreutils: \"time of check to time of use\" race condition fts.c", - "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 3.3, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://www.securityfocus.com/bid/76073", - "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" - ], - "PublishedDate": "2017-09-20T18:29:00Z", - "LastModifiedDate": "2017-09-27T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by 
multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - "Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - 
"V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1865", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1865", - "Title": "coreutils: \"time of check to time of use\" race condition fts.c", - "Description": "fts.c in coreutils 8.4 allows local users to delete arbitrary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 3.3, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://www.securityfocus.com/bid/76073", - "https://bugzilla.redhat.com/show_bug.cgi?id=1211300", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1865" - ], - "PublishedDate": "2017-09-20T18:29:00Z", - "LastModifiedDate": "2017-09-27T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application 
crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils-libs", - "InstalledVersion": "8.4-47.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9112", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-9112", - "Title": "cpio: heap-based buffer overflow flaw in list_file()", - "Description": "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio", - "http://linux.oracle.com/cve/CVE-2014-9112.html", - "http://linux.oracle.com/errata/ELSA-2015-2108.html", - "http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html", - "http://seclists.org/fulldisclosure/2014/Nov/74", - "http://secunia.com/advisories/60167", - "http://secunia.com/advisories/62145", - "http://www.debian.org/security/2014/dsa-3111", - "http://www.openwall.com/lists/oss-security/2014/11/23/2", - "http://www.openwall.com/lists/oss-security/2014/11/25/2", - "http://www.openwall.com/lists/oss-security/2014/11/26/20", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/71248", - "http://www.ubuntu.com/usn/USN-2456-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9112", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918", - "https://marc.info/?l=oss-security\u0026m=141702212015484\u0026w=2", - "https://savannah.gnu.org/bugs/?43709", - "https://usn.ubuntu.com/usn/usn-2456-1" - ], - "PublishedDate": "2014-12-02T16:59:00Z", - "LastModifiedDate": "2017-09-08T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - "https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.10-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.8.16-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - 
"PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.8.16-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 
7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5419", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", - "Title": "curl: TLS session resumption client cert bypass", - "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate 
has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5419.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92292", - "http://www.securityfocus.com/bid/92319", - "http://www.securitytracker.com/id/1036538", - "http://www.securitytracker.com/id/1038341", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": 
"2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - 
"PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29573", + "Title": "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern", + "Description": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. 
In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 
5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], "CVSS": { "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - 
"https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000120", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", - "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", - "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000120.html", - "http://linux.oracle.com/errata/ELSA-2018-3157.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103414", - "http://www.securitytracker.com/id/1040531", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3157", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://access.redhat.com/errata/RHSA-2019:1543", - "https://curl.haxx.se/docs/adv_2018-9cd6.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", - "https://usn.ubuntu.com/3598-1/", - "https://usn.ubuntu.com/3598-2/", - "https://usn.ubuntu.com/usn/usn-3598-1", - "https://usn.ubuntu.com/usn/usn-3598-2", - 
"https://www.debian.org/security/2018/dsa-4136", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - ], - "PublishedDate": "2018-03-14T18:29:00Z", - "LastModifiedDate": "2019-06-18T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - 
"http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5420", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", - "Title": "curl: Re-using connection with wrong client cert", - "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", - "Severity": "LOW", - "CweIDs": [ - "CWE-285" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5420.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.openwall.com/lists/oss-security/2016/09/05/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92309", - "http://www.securitytracker.com/id/1036537", - "http://www.securitytracker.com/id/1036739", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7141", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", - "Title": "curl: Incorrect reuse of client certificates", - "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no 
certificate has been set, a different vulnerability than CVE-2016-5420.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7141.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://seclists.org/oss-sec/2016/q3/419", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92754", - "http://www.securitytracker.com/id/1036739", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", - "https://curl.haxx.se/docs/adv_20160907.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", - "https://github.com/curl/curl/commit/curl-7_50_2~32", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-03T21:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7167", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", - "Title": "curl: escape and unescape integer overflows", - "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) 
curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 2.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7167.html", - "http://linux.oracle.com/errata/ELSA-2017-2016.html", - "http://openwall.com/lists/oss-security/2016/09/14/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92975", - "http://www.securitytracker.com/id/1036813", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", - "https://access.redhat.com/errata/RHSA-2017:2016", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160914.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-07T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": 
"2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, 
- "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a 
buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, 
but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow 
physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the 
curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 
through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "db4", - "InstalledVersion": "4.7.25-22.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - 
"http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "db4-utils", - "InstalledVersion": "4.7.25-22.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - 
"InstalledVersion": "1:1.2.24-9.el6", - "FixedVersion": "1:1.2.24-11.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - 
"http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": 
"CVE-2011-2533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-2533", - "Title": "dbus: Possibility of symlink attack in /tmp during compilation", - "Description": "The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2", - "http://www.securitytracker.com/id?1025720", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2533", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/68173" - ], - "PublishedDate": "2011-06-22T23:55:00Z", - "LastModifiedDate": "2017-08-29T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.2.24-9.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - 
"VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in 
elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 
- }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": 
"elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows 
remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - 
"LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.164-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - 
"References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows 
context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.0.1-13.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or 
possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - "http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - 
"PkgName": "file-libs", - "InstalledVersion": "5.04-30.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain 
forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with 
nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2012-0039", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-0039", - "Title": "glib2: hash table collisions CPU usage DoS", - "Description": "** DISPUTED ** 
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044", - "http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html", - "http://openwall.com/lists/oss-security/2012/01/10/12", - "https://bugzilla.redhat.com/show_bug.cgi?id=772720" - ], - "PublishedDate": "2012-01-14T17:55:00Z", - "LastModifiedDate": "2012-02-08T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", 
- "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - 
"InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - 
"CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - 
], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.28.8-10.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the 
usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C 
Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4412", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", - "Title": "glibc: strcoll() integer overflow leading to buffer overflow", - "Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which 
triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://secunia.com/advisories/55113", - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/07/9", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=855385", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4424", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", - "Title": "glibc: alloca() stack overflow in the strcoll() interface", - "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, 
- "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/13/16", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=858238", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16997", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", - "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", - "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-426" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-16997.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102228", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://bugs.debian.org/884615", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", - "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", - "https://usn.ubuntu.com/usn/usn-3534-1" - ], - "PublishedDate": "2017-12-18T01:29:00Z", - "LastModifiedDate": "2019-04-26T12:41:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2010-0015", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", - "Title": "glibc NIS password hash disclosure", - "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", - "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", - "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", - "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", - "http://www.openwall.com/lists/oss-security/2010/01/07/3", - "http://www.openwall.com/lists/oss-security/2010/01/08/1", - "http://www.openwall.com/lists/oss-security/2010/01/08/2", - "http://www.openwall.com/lists/oss-security/2010/01/11/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", - "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - ], - "PublishedDate": "2010-01-14T18:30:00Z", - "LastModifiedDate": "2016-12-07T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "glibc", - "InstalledVersion": 
"2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-5320", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", - "Title": "glibc: scanf implementation crashes on certain inputs", - "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 6.2 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 
- } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/03/12/14", - "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", - "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", - "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" - ], - "PublishedDate": "2017-10-18T14:29:00Z", - "LastModifiedDate": "2017-11-08T17:05:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4788", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", - "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", - "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2013-4788.html", - "http://seclists.org/fulldisclosure/2015/Sep/23", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2013/07/15/9", - 
"http://www.securityfocus.com/bid/61183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", - "https://security.gentoo.org/glsa/201503-04" - ], - "PublishedDate": "2013-10-04T17:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8121", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", - "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", - "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8121.html", - "http://linux.oracle.com/errata/ELSA-2015-0327.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0327.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.securityfocus.com/bid/73038", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2015-03-27T14:59:00Z", - "LastModifiedDate": "2018-10-17T19:01:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9402", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", - "Title": "glibc: denial of service in getnetbyname function", - "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-9402.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.securityfocus.com/bid/71670", - "http://www.ubuntu.com/usn/USN-2519-1", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", - "https://usn.ubuntu.com/usn/usn-2519-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8777", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", - "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", - "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 7 - } - }, - "References": [ - "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", - "http://linux.oracle.com/cve/CVE-2015-8777.html", - "http://linux.oracle.com/errata/ELSA-2017-1916.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.openwall.com/lists/oss-security/2015/09/05/8", - "http://www.openwall.com/lists/oss-security/2016/01/20/1", - "http://www.securityfocus.com/bid/81469", - "http://www.securitytracker.com/id/1034811", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://access.redhat.com/errata/RHSA-2017:1916", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-01-20T05:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - 
"PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3075", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", - "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", - "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 5.8, - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3075.html", - "http://linux.oracle.com/errata/ELSA-2016-2573.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://rhn.redhat.com/errata/RHSA-2016-2573.html", - 
"http://www.securityfocus.com/bid/85732", - "http://www.ubuntu.com/usn/USN-2985-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3706", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", - "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", - "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "http://www.securityfocus.com/bid/88440", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-3" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - "References": [ 
- "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000001", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-1000001", - "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation", - "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000001.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://seclists.org/oss-sec/2018/q1/38", - "http://www.openwall.com/lists/oss-security/2018/01/11/5", - "http://www.securityfocus.com/bid/102525", - "http://www.securitytracker.com/id/1040162", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001", - "https://lists.samba.org/archive/rsync/2018-February/031478.html", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18203", - "https://usn.ubuntu.com/3534-1/", - "https://usn.ubuntu.com/3536-1/", - "https://usn.ubuntu.com/usn/usn-3534-1", - "https://usn.ubuntu.com/usn/usn-3536-1", - "https://www.exploit-db.com/exploits/43775/", - "https://www.exploit-db.com/exploits/44889/", - "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/" - ], - "PublishedDate": "2018-01-31T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4412", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4412", - "Title": "glibc: strcoll() integer overflow leading to buffer overflow", - 
"Description": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://secunia.com/advisories/55113", - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/07/9", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=855385", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-4424", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-4424", - "Title": "glibc: alloca() stack overflow in the strcoll() interface", - "Description": "Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or 
possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://sourceware.org/bugzilla/show_bug.cgi?id=14547", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - "http://www.openwall.com/lists/oss-security/2012/09/13/16", - "http://www.ubuntu.com/usn/USN-1991-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=858238", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424", - "https://security.gentoo.org/glsa/201503-04", - "https://usn.ubuntu.com/usn/usn-1991-1" - ], - "PublishedDate": "2013-10-09T22:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, 
- "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16997", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16997", - "Title": "glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries", - "Description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-426" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-16997.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102228", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://bugs.debian.org/884615", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", - "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", - "https://usn.ubuntu.com/usn/usn-3534-1" - ], - "PublishedDate": "2017-12-18T01:29:00Z", - "LastModifiedDate": "2019-04-26T12:41:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2018-11236", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11236", - "Title": "glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow", - "Description": "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-11236.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/104255", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236", - "https://security.netapp.com/advisory/ntap-20190329-0001/", - "https://security.netapp.com/advisory/ntap-20190401-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22786", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-05-18T16:29:00Z", - "LastModifiedDate": "2019-04-25T18:43:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6485", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485", - "Title": "glibc: Integer overflow in posix_memalign in memalign functions", - "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://bugs.debian.org/878159", - "http://linux.oracle.com/cve/CVE-2018-6485.html", - "http://linux.oracle.com/errata/ELSA-2018-3092.html", - "http://www.securityfocus.com/bid/102912", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3092", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485", - "https://security.netapp.com/advisory/ntap-20190404-0003/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22343", - "https://usn.ubuntu.com/4218-1/", - "https://usn.ubuntu.com/usn/usn-4218-1", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-02-01T14:29:00Z", - "LastModifiedDate": "2019-12-10T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2010-0015", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-0015", - "Title": "glibc NIS password hash disclosure", - "Description": "nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333", - "http://marc.info/?l=oss-security\u0026m=126320356003425\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=126320570505651\u0026w=2", - "http://sourceware.org/bugzilla/show_bug.cgi?id=11134", - "http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062\u0026view=markup", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112", - "http://www.openwall.com/lists/oss-security/2010/01/07/3", - "http://www.openwall.com/lists/oss-security/2010/01/08/1", - "http://www.openwall.com/lists/oss-security/2010/01/08/2", - "http://www.openwall.com/lists/oss-security/2010/01/11/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015", - "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" - ], - "PublishedDate": "2010-01-14T18:30:00Z", - "LastModifiedDate": "2016-12-07T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2010-4756", - "PkgName": "glibc-common", - 
"InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756", - "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223" - ], - "PublishedDate": "2011-03-02T20:00:00Z", - "LastModifiedDate": "2011-03-04T05:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-5320", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5320", - "Title": "glibc: scanf implementation crashes on certain inputs", - "Description": "scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.1, - "V3Score": 6.2 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/03/12/14", - "https://bugzilla.redhat.com/show_bug.cgi?id=1196745", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5320", - "https://marc.info/?l=gimp-developer\u0026m=129567990905823\u0026w=2", - "https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=20b38e0", - "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0" - ], - "PublishedDate": "2017-10-18T14:29:00Z", - "LastModifiedDate": "2017-11-08T17:05:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4788", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4788", - "Title": "glibc: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables", - "Description": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2013-4788.html", - "http://seclists.org/fulldisclosure/2015/Sep/23", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284", - 
"http://www.openwall.com/lists/oss-security/2013/07/15/9", - "http://www.securityfocus.com/bid/61183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788", - "https://security.gentoo.org/glsa/201503-04" - ], - "PublishedDate": "2013-10-04T17:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-8121", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-8121", - "Title": "glibc: Unexpected closing of nss_files databases after lookups causes denial of service", - "Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-8121.html", - "http://linux.oracle.com/errata/ELSA-2015-0327.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0327.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.securityfocus.com/bid/73038", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://bugzilla.redhat.com/show_bug.cgi?id=1165192", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8121", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2015-03-27T14:59:00Z", - "LastModifiedDate": "2018-10-17T19:01:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9402", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9402", - "Title": "glibc: denial of service in getnetbyname function", - "Description": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2014-9402.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - 
"http://www.openwall.com/lists/oss-security/2014/12/18/1", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.securityfocus.com/bid/71670", - "http://www.ubuntu.com/usn/USN-2519-1", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9402", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201602-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17630", - "https://usn.ubuntu.com/usn/usn-2519-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5180", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5180", - "Title": "glibc: DNS resolver NULL pointer dereference with crafted record type", - "Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5180.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/99324", - "http://www.ubuntu.com/usn/USN-3239-1", - "http://www.ubuntu.com/usn/USN-3239-2", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://bugzilla.redhat.com/show_bug.cgi?id=1249603", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180", - "https://security.gentoo.org/glsa/201706-19", - 
"https://sourceware.org/bugzilla/attachment.cgi?id=8492", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18784", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5", - "https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-2" - ], - "PublishedDate": "2017-06-27T20:29:00Z", - "LastModifiedDate": "2018-04-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8777", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8777", - "Title": "glibc: LD_POINTER_GUARD in the environment is not sanitized", - "Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 7 - } - }, - "References": [ - "http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html", - "http://linux.oracle.com/cve/CVE-2015-8777.html", - "http://linux.oracle.com/errata/ELSA-2017-1916.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html", - "http://www.debian.org/security/2016/dsa-3480", - "http://www.openwall.com/lists/oss-security/2015/09/05/8", - "http://www.openwall.com/lists/oss-security/2016/01/20/1", - "http://www.securityfocus.com/bid/81469", - "http://www.securitytracker.com/id/1034811", - "http://www.ubuntu.com/usn/USN-2985-1", - "http://www.ubuntu.com/usn/USN-2985-2", - "https://access.redhat.com/errata/RHSA-2017:1916", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18928", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-01-20T05:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - 
"PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3075", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3075", - "Title": "glibc: Stack overflow in nss_dns_getnetbyname_r", - "Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 5.8, - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3075.html", - "http://linux.oracle.com/errata/ELSA-2016-2573.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2573.html", - "http://www.securityfocus.com/bid/85732", - "http://www.ubuntu.com/usn/USN-2985-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19879", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=317b199b4aff8cfa27f2302ab404d2bb5032b9a4", - "https://usn.ubuntu.com/usn/usn-2985-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3706", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3706", - "Title": "glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458)", - "Description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "http://www.securityfocus.com/bid/88440", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20010", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3239-3" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12132", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12132", - "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled", - "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", - "V3Score": 3 - } - }, - 
"References": [ - "http://linux.oracle.com/cve/CVE-2017-12132.html", - "http://linux.oracle.com/errata/ELSA-2018-0805.html", - "http://www.securityfocus.com/bid/100598", - "https://access.redhat.com/errata/RHSA-2018:0805", - "https://arxiv.org/pdf/1205.4011.pdf", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21361" - ], - "PublishedDate": "2017-08-01T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.12-1.212.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - "http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between 
the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - 
"https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.14-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 
2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.1.8-3.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5080", - "PkgName": "groff", - "InstalledVersion": "1.18.1.4-21.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5080", - "Title": "groff: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph", - "Description": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff", - "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h", - "http://openwall.com/lists/oss-security/2009/08/14/4", - "http://openwall.com/lists/oss-security/2009/08/14/5", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5080" - ], - "PublishedDate": "2011-06-30T15:55:00Z", - "LastModifiedDate": "2013-12-13T04:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0283", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0283", - "Title": "krb5: uninitialized pointer use in krb5kdc leads to KDC crash", - "Description": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://secunia.com/advisories/43260", - "http://securityreason.com/securityalert/8073", - "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", - "http://www.securityfocus.com/archive/1/516299/100/0/threaded", - "http://www.securityfocus.com/bid/46272", - "http://www.securitytracker.com/id?1025037", - "http://www.vupen.com/english/advisories/2011/0330" - ], - "PublishedDate": "2011-02-10T18:00:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2011-4151", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-4151", - "Title": "CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-4151 krb5: KDC denial of service vulnerabilities (MITKRB5-SA-2011-006)", - "Description": "The krb5_db2_lockout_audit function in the Key Distribution Center 
(KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", - "http://www.kb.cert.org/vuls/id/659251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/70891" - ], - "PublishedDate": "2011-10-20T21:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - "https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", 
- "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11368", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11368", - "Title": "krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure", - "Description": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-11368.html", - "http://linux.oracle.com/errata/ELSA-2018-0666.html", - "http://www.securityfocus.com/bid/100291", - "https://access.redhat.com/errata/RHSA-2018:0666", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368", - "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970", - "https://github.com/krb5/krb5/pull/678/files", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/" - ], - "PublishedDate": "2017-08-09T18:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3119", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3119", - "Title": "krb5: null pointer dereference in kadmin", - "Description": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3119.html", - "http://linux.oracle.com/errata/ELSA-2016-2591.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html", - "http://rhn.redhat.com/errata/RHSA-2016-2591.html", - "http://www.securityfocus.com/bid/85392", - "http://www.securitytracker.com/id/1035399", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119", - "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html" - ], - "PublishedDate": "2016-03-26T01:59:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3120", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3120", - "Title": "krb5: S4U2Self KDC crash when anon is restricted", - "Description": 
"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458", - "http://linux.oracle.com/cve/CVE-2016-3120.html", - "http://linux.oracle.com/errata/ELSA-2016-2591.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html", - "http://rhn.redhat.com/errata/RHSA-2016-2591.html", - "http://web.mit.edu/kerberos/krb5-1.13/", - "http://web.mit.edu/kerberos/krb5-1.14/", - "http://www.securityfocus.com/bid/92132", - "http://www.securitytracker.com/id/1036442", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120", - "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/" - ], - "PublishedDate": "2016-08-01T02:59:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5729", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5729", - "Title": "krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data", - "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 6.5, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5729.html", - "http://linux.oracle.com/errata/ELSA-2018-3071.html", - "http://www.securitytracker.com/id/1042071", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3071", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", - "https://bugzilla.redhat.com/show_bug.cgi?id=1551083", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729", - "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" - ], - "PublishedDate": "2018-03-06T20:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5730", - "PkgName": "krb5-libs", - "InstalledVersion": "1.10.3-65.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5730", - "Title": "krb5: DN container check bypass by supplying special crafted data", - "Description": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", - "Severity": "LOW", - "CweIDs": [ - "CWE-90" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.5, - "V3Score": 3.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 3.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5730.html", - "http://linux.oracle.com/errata/ELSA-2018-3071.html", - "http://www.securitytracker.com/id/1042071", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3071", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", - "https://bugzilla.redhat.com/show_bug.cgi?id=1551082", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730", - "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/" - ], - "PublishedDate": "2018-03-06T20:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9488", - "PkgName": "less", - "InstalledVersion": "436-13.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9488", - "Title": "less: out of bounds read access in is_utf8_well_formed()", - "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", 
- "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 1.2, - "V3Score": 2.5 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0139.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html", - "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199", - "http://www.openwall.com/lists/oss-security/2015/03/10/14", - "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488" - ], - "PublishedDate": "2015-04-14T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3879", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", - "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", - "http://linux.oracle.com/cve/CVE-2010-3879.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", - "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://openwall.com/lists/oss-security/2010/11/04/8", - "http://openwall.com/lists/oss-security/2010/11/05/2", - "http://osvdb.org/70520", - "http://secunia.com/advisories/42961", - "http://secunia.com/advisories/42965", - "http://www.halfdog.net/Security/FuseTimerace/", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", - "http://www.securityfocus.com/bid/44623", - "http://www.ubuntu.com/usn/USN-1045-1", - "http://www.ubuntu.com/usn/USN-1045-2", - "http://www.vupen.com/english/advisories/2011/0181", - "http://www.vupen.com/english/advisories/2011/0302", - "https://bugs.launchpad.net/bugs/670622", - "https://bugzilla.novell.com/show_bug.cgi?id=651598", - "https://bugzilla.redhat.com/show_bug.cgi?id=651183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" - ], - "PublishedDate": "2011-01-22T22:00:00Z", - "LastModifiedDate": "2017-08-17T01:33:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0541", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", - "http://linux.oracle.com/cve/CVE-2011-0541.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0542", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", - "http://linux.oracle.com/cve/CVE-2011-0542.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2011-09-05T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0543", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2011-0543", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", - "http://linux.oracle.com/cve/CVE-2011-0543.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libblkid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.41.12-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - 
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.41.12-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information 
by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5419", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5419", - "Title": "curl: TLS session resumption client cert bypass", - "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.", - "Severity": "MEDIUM", - "CweIDs": [ - 
"CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5419.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92292", - "http://www.securityfocus.com/bid/92319", - "http://www.securitytracker.com/id/1036538", - "http://www.securitytracker.com/id/1038341", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - 
"InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - 
"Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" 
- ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000120", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000120", - "Title": "curl: FTP path trickery leads to NIL byte out of bounds write", - "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000120.html", - "http://linux.oracle.com/errata/ELSA-2018-3157.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103414", - "http://www.securitytracker.com/id/1040531", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3157", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://access.redhat.com/errata/RHSA-2019:1543", - "https://curl.haxx.se/docs/adv_2018-9cd6.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", - "https://usn.ubuntu.com/3598-1/", - "https://usn.ubuntu.com/3598-2/", - "https://usn.ubuntu.com/usn/usn-3598-1", - "https://usn.ubuntu.com/usn/usn-3598-2", - "https://www.debian.org/security/2018/dsa-4136", - 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - ], - "PublishedDate": "2018-03-14T18:29:00Z", - "LastModifiedDate": "2019-06-18T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5420", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5420", - "Title": "curl: Re-using connection with wrong client cert", - "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.", - "Severity": "LOW", - "CweIDs": [ - "CWE-285" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5420.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3638", - "http://www.openwall.com/lists/oss-security/2016/09/05/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92309", - "http://www.securitytracker.com/id/1036537", - "http://www.securitytracker.com/id/1036739", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.563059", - "http://www.ubuntu.com/usn/USN-3048-1", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160803B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/", - "https://security.gentoo.org/glsa/201701-47", - "https://source.android.com/security/bulletin/2016-12-01.html", - "https://usn.ubuntu.com/usn/usn-3048-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-08-10T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7141", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7141", - "Title": "curl: Incorrect reuse of client certificates", - "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than 
CVE-2016-5420.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 4.9, - "V3Score": 4.2 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7141.html", - "http://linux.oracle.com/errata/ELSA-2016-2575.html", - "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html", - "http://rhn.redhat.com/errata/RHSA-2016-2575.html", - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://seclists.org/oss-sec/2016/q3/419", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92754", - "http://www.securitytracker.com/id/1036739", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=1373229", - "https://curl.haxx.se/docs/adv_20160907.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141", - "https://github.com/curl/curl/commit/curl-7_50_2~32", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-03T21:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7167", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7167", - "Title": "curl: escape and unescape integer overflows", - "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow 
attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 2.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7167.html", - "http://linux.oracle.com/errata/ELSA-2017-2016.html", - "http://openwall.com/lists/oss-security/2016/09/14/1", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/92975", - "http://www.securitytracker.com/id/1036813", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632", - "https://access.redhat.com/errata/RHSA-2017:2016", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20160914.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1" - ], - "PublishedDate": "2016-10-07T14:59:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": 
"7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": 
"CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating 
point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly 
updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to 
obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in 
the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.19.7-53.el6_9", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 
7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2002-2439", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", - "Title": "gcc: Integer overflow can occur during the computation of the memory region size for new[] operator", - "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2002-2439", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", - "https://security-tracker.debian.org/tracker/CVE-2002-2439" - ], - "PublishedDate": "2019-10-23T18:15:00Z", - "LastModifiedDate": "2019-10-31T02:39:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9427", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", - "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", - "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 5.1, - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", - "http://www.openwall.com/lists/oss-security/2016/11/18/3", - "http://www.securityfocus.com/bid/94407", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", - "https://github.com/ivmai/bdwgc/issues/135", - "https://usn.ubuntu.com/usn/usn-3197-1" - ], - "PublishedDate": "2016-12-12T02:59:00Z", - "LastModifiedDate": "2017-01-07T03:00:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ 
- "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - 
"InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": 
[ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": 
"LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - 
"https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - "http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.4.5-12.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.18-2.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - 
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "FixedVersion": "1.4.2-3.el6_10.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 
when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets 
with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": 
"2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1782", - "PkgName": "libssh2", - "InstalledVersion": "1.4.2-2.el6_7.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1782", - "Title": "libssh2: Using SSH_MSG_KEXINIT data unbounded", - "Description": "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V2Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-1782.html", - "http://linux.oracle.com/errata/ELSA-2015-2140.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html", - "http://www.debian.org/security/2015/dsa-3182", - "http://www.libssh2.org/adv_20150311.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:148", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securityfocus.com/bid/73061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782" - ], - "PublishedDate": "2015-03-13T14:59:00Z", - "LastModifiedDate": "2017-01-03T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2002-2439", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2002-2439", - "Title": "gcc: 
Integer overflow can occur during the computation of the memory region size for new[] operator", - "Description": "Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2002-2439", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351", - "https://security-tracker.debian.org/tracker/CVE-2002-2439" - ], - "PublishedDate": "2019-10-23T18:15:00Z", - "LastModifiedDate": "2019-10-31T02:39:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9427", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9427", - "Title": "gc: Integer overflow in GC_MALLOC_ATOMIC", - "Description": "Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 5.1, - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html", - "http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html", - "http://www.openwall.com/lists/oss-security/2016/11/18/3", - "http://www.securityfocus.com/bid/94407", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9427", - "https://github.com/ivmai/bdwgc/issues/135", - "https://usn.ubuntu.com/usn/usn-3197-1" - ], - "PublishedDate": "2016-12-12T02:59:00Z", - "LastModifiedDate": "2017-01-07T03:00:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - 
"V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - 
"https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array 
ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": 
"2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted 
binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - 
"http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.4.7-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3622", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { 
- "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3622", - "Title": "libtasn1: heap overflow flaw in _asn1_extract_der_octet()", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3622.html", - "http://linux.oracle.com/errata/ELSA-2017-1860.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html", - "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html", - "http://seclists.org/fulldisclosure/2015/Apr/109", - "http://www.debian.org/security/2015/dsa-3256", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232", - "http://www.securityfocus.com/bid/74419", - "http://www.securitytracker.com/id/1032246", - "http://www.ubuntu.com/usn/USN-2604-1", - "https://access.redhat.com/errata/RHSA-2017:1860", - "https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622", - "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html", - "https://security.gentoo.org/glsa/201509-04", - "https://usn.ubuntu.com/usn/usn-2604-1" - ], - "PublishedDate": 
"2015-05-12T19:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - 
"https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2806", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2806", - "Title": "libtasn1: stack overflow in asn1_der_decoding", - "Description": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 10 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149", - "http://linux.oracle.com/cve/CVE-2015-2806.html", - "http://linux.oracle.com/errata/ELSA-2017-1860.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html", - "http://www.debian.org/security/2015/dsa-3220", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193", - "http://www.openwall.com/lists/oss-security/2015/03/29/4", - 
"http://www.openwall.com/lists/oss-security/2015/03/31/2", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/73436", - "http://www.securitytracker.com/id/1032080", - "http://www.ubuntu.com/usn/USN-2559-1", - "https://access.redhat.com/errata/RHSA-2017:1860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2806", - "https://security.gentoo.org/glsa/201509-04", - "https://usn.ubuntu.com/usn/usn-2559-1" - ], - "PublishedDate": "2015-04-10T15:00:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "2.3-6.el6_5", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2012-5630", - "PkgName": "libuser", - "InstalledVersion": "0.56.13-8.el6_7", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5630", - "Title": "libuser: TOCTOU race conditions by copying and removing directory trees", - "Description": "libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", - "https://access.redhat.com/security/cve/cve-2012-5630", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5630", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5630", - "https://security-tracker.debian.org/tracker/CVE-2012-5630", - "https://www.securityfocus.com/bid/59285" - ], - "PublishedDate": "2019-11-25T14:15:00Z", - 
"LastModifiedDate": "2019-12-04T15:43:00Z" - }, - { - "VulnerabilityID": "CVE-2012-5644", - "PkgName": "libuser", - "InstalledVersion": "0.56.13-8.el6_7", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-5644", - "Title": "libuser: (Complete) Information disclosure when moving user's home directory", - "Description": "libuser has information disclosure when moving user's home directory", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V2Score": 4.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N", - "V2Score": 4.7 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html", - "https://access.redhat.com/security/cve/cve-2012-5644", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5644", - "https://security-tracker.debian.org/tracker/CVE-2012-5644" - ], - "PublishedDate": "2019-11-25T15:15:00Z", - "LastModifiedDate": "2019-12-04T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - 
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3879", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3879", - "Title": "CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333", - "http://linux.oracle.com/cve/CVE-2010-3879.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html", - "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://openwall.com/lists/oss-security/2010/11/04/8", - "http://openwall.com/lists/oss-security/2010/11/05/2", - "http://osvdb.org/70520", - "http://secunia.com/advisories/42961", - "http://secunia.com/advisories/42965", - "http://www.halfdog.net/Security/FuseTimerace/", - "http://www.mandriva.com/security/advisories?name=MDVSA-2013:155", - "http://www.securityfocus.com/bid/44623", - "http://www.ubuntu.com/usn/USN-1045-1", - "http://www.ubuntu.com/usn/USN-1045-2", - "http://www.vupen.com/english/advisories/2011/0181", - "http://www.vupen.com/english/advisories/2011/0302", - "https://bugs.launchpad.net/bugs/670622", - "https://bugzilla.novell.com/show_bug.cgi?id=651598", - "https://bugzilla.redhat.com/show_bug.cgi?id=651183", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3879", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986" - ], - "PublishedDate": "2011-01-22T22:00:00Z", - "LastModifiedDate": "2017-08-17T01:33:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0541", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0541", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": 
{ - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f", - "http://linux.oracle.com/cve/CVE-2011-0541.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0541" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0542", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0542", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873", - "http://linux.oracle.com/cve/CVE-2011-0542.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - 
"http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0542" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2011-09-05T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-0543", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-0543", - "Title": "CVE-2010-3879 CVE-2011-0541 CVE-2011-0542 CVE-2011-0543 fuse: unprivileged user can unmount arbitrary locations via symlink attack", - "Description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", - "http://linux.oracle.com/cve/CVE-2011-0543.html", - "http://linux.oracle.com/errata/ELSA-2011-1083.html", - "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", - "http://www.openwall.com/lists/oss-security/2011/02/02/2", - "http://www.openwall.com/lists/oss-security/2011/02/03/5", - "http://www.openwall.com/lists/oss-security/2011/02/08/4", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0543" - ], - "PublishedDate": "2011-09-02T23:55:00Z", - "LastModifiedDate": "2014-02-12T04:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5011", - "PkgName": "libuuid", - "InstalledVersion": "2.17.2-12.28.el6_9.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5011", - "Title": "util-linux: Extended partition loop in MBR partition table leads to DOS", - "Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.", - "Severity": "LOW", 
- "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.7, - "V3Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.9, - "V3Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5011.html", - "http://linux.oracle.com/errata/ELSA-2016-2605.html", - "http://rhn.redhat.com/errata/RHSA-2016-2605.html", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801", - "http://www.openwall.com/lists/oss-security/2016/07/11/2", - "http://www.securityfocus.com/bid/91683", - "http://www.securitytracker.com/id/1036272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5011", - "https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3" - ], - "PublishedDate": "2017-04-11T15:59:00Z", - "LastModifiedDate": "2017-04-17T16:50:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0339", - "PkgName": "libxml2", 
- "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0339", - "Title": "libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion", - "Description": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", - "http://openwall.com/lists/oss-security/2013/02/21/24", - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://seclists.org/oss-sec/2013/q4/182", - "http://seclists.org/oss-sec/2013/q4/184", - "http://seclists.org/oss-sec/2013/q4/188", - "http://secunia.com/advisories/52662", - "http://secunia.com/advisories/54172", - "http://secunia.com/advisories/55568", - "http://www.debian.org/security/2013/dsa-2652", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.ubuntu.com/usn/USN-1904-1", - "http://www.ubuntu.com/usn/USN-1904-2", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=915149", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339", - "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f", - "https://usn.ubuntu.com/usn/usn-1904-1" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2016-05-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - 
"https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", 
- "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - 
"https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - 
}, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). 
If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - 
"Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.7.6-21.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-4.1.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - 
"http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.7-4.20090207.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - 
"V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": 
"SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - 
"http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": 
"nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of 
service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "FixedVersion": "3.44.0-6.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", 
- "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - 
"https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "FixedVersion": "3.44.0-6.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.14.3-23.3.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c 
in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - 
"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - 
"Title": "SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - 
"http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - 
"http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - 
"https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": 
"2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": 
"nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - 
"PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3640", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3640", - "Title": "nss: /pkcs11.txt and /secmod.db files read on initialization", - "Description": "** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. 
NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"", - "Severity": "HIGH", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 9.3 - } - }, - "References": [ - "http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html", - "http://code.google.com/p/chromium/issues/detail?id=97426", - "http://securityreason.com/securityalert/8483", - "https://bugzilla.mozilla.org/show_bug.cgi?id=641052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13414" - ], - "PublishedDate": "2011-10-28T02:49:00Z", - "LastModifiedDate": "2017-09-19T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
- "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - "http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - "http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - 
"http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - "http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": 
"SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", 
- "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - 
"http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12384", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "FixedVersion": "3.36.0-9.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12384", - "Title": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", - "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12384.html", - "http://linux.oracle.com/errata/ELSA-2018-2898.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-04-29T15:29:00Z", - "LastModifiedDate": "2019-10-16T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - 
"PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions 
resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2011-5094", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-8.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-5094", - "Title": "nss: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. 
NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2012-06-18T04:00:00Z" - }, - { - "VulnerabilityID": "CVE-2009-3767", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-3767", - "Title": "OpenLDAP: Doesn't properly handle NULL character in subject Common Name", - "Description": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2009-3767.html", - "http://linux.oracle.com/errata/ELSA-2010-0198.html", - "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html", - "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", - "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2", - "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2", - "http://secunia.com/advisories/38769", - "http://secunia.com/advisories/40677", - "http://security.gentoo.org/glsa/glsa-201406-36.xml", - "http://support.apple.com/kb/HT3937", - "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h", - "http://www.redhat.com/support/errata/RHSA-2010-0543.html", - "http://www.redhat.com/support/errata/RHSA-2011-0896.html", - "http://www.vupen.com/english/advisories/2009/3056", - "http://www.vupen.com/english/advisories/2010/1858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274" - ], - "PublishedDate": "2009-10-23T19:30:00Z", - "LastModifiedDate": "2017-09-19T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free 
vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3276", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3276", - "Title": "openldap: incorrect multi-keyword mode cipherstring parsing", - "Description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3276.html", - "http://linux.oracle.com/errata/ELSA-2015-2131.html", - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" - ], - "PublishedDate": "2015-12-07T20:59:00Z", - "LastModifiedDate": "2016-10-15T02:01:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9287", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9287", - "Title": "openldap: Double free vulnerability in servers/slapd/back-mdb/search.c", - "Description": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. 
A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-9287.html", - "http://linux.oracle.com/errata/ELSA-2017-1852.html", - "http://www.debian.org/security/2017/dsa-3868", - "http://www.openldap.org/its/?findid=8655", - "http://www.securityfocus.com/bid/98736", - "http://www.securitytracker.com/id/1038591", - "https://access.redhat.com/errata/RHSA-2017:1852", - "https://bugs.debian.org/863563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287", - "https://usn.ubuntu.com/usn/usn-3307-1", - "https://usn.ubuntu.com/usn/usn-3307-2" - ], - "PublishedDate": "2017-05-29T16:29:00Z", - "LastModifiedDate": "2018-01-05T02:31:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.40-16.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2011-3389", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389", - "Title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "Description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/", - "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/", - "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx", - "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx", - "http://curl.haxx.se/docs/adv_20120124B.html", - 
"http://downloads.asterisk.org/pub/security/AST-2016-001.html", - "http://ekoparty.org/2011/juliano-rizzo.php", - "http://eprint.iacr.org/2004/111", - "http://eprint.iacr.org/2006/136", - "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635", - "http://linux.oracle.com/cve/CVE-2011-3389.html", - "http://linux.oracle.com/errata/ELSA-2011-1380.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html", - "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html", - "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html", - "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", - "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html", - "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html", - "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html", - "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2", - "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue", - "http://osvdb.org/74829", - "http://rhn.redhat.com/errata/RHSA-2012-0508.html", - "http://rhn.redhat.com/errata/RHSA-2013-1455.html", - "http://secunia.com/advisories/45791", - "http://secunia.com/advisories/47998", - "http://secunia.com/advisories/48256", - "http://secunia.com/advisories/48692", - 
"http://secunia.com/advisories/48915", - "http://secunia.com/advisories/48948", - "http://secunia.com/advisories/49198", - "http://secunia.com/advisories/55322", - "http://secunia.com/advisories/55350", - "http://secunia.com/advisories/55351", - "http://security.gentoo.org/glsa/glsa-201203-02.xml", - "http://security.gentoo.org/glsa/glsa-201406-32.xml", - "http://support.apple.com/kb/HT4999", - "http://support.apple.com/kb/HT5001", - "http://support.apple.com/kb/HT5130", - "http://support.apple.com/kb/HT5281", - "http://support.apple.com/kb/HT5501", - "http://support.apple.com/kb/HT6150", - "http://technet.microsoft.com/security/advisory/2588513", - "http://vnhacker.blogspot.com/2011/09/beast.html", - "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", - "http://www.debian.org/security/2012/dsa-2398", - "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html", - "http://www.ibm.com/developerworks/java/jdk/alerts/", - "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html", - "http://www.insecure.cl/Beast-SSL.rar", - "http://www.kb.cert.org/vuls/id/864643", - "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058", - "http://www.opera.com/docs/changelogs/mac/1151/", - "http://www.opera.com/docs/changelogs/mac/1160/", - "http://www.opera.com/docs/changelogs/unix/1151/", - "http://www.opera.com/docs/changelogs/unix/1160/", - "http://www.opera.com/docs/changelogs/windows/1151/", - "http://www.opera.com/docs/changelogs/windows/1160/", - "http://www.opera.com/support/kb/view/1004/", - "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "http://www.redhat.com/support/errata/RHSA-2011-1384.html", - "http://www.redhat.com/support/errata/RHSA-2012-0006.html", - "http://www.securityfocus.com/bid/49388", - 
"http://www.securityfocus.com/bid/49778", - "http://www.securitytracker.com/id/1029190", - "http://www.securitytracker.com/id?1025997", - "http://www.securitytracker.com/id?1026103", - "http://www.securitytracker.com/id?1026704", - "http://www.ubuntu.com/usn/USN-1263-1", - "http://www.us-cert.gov/cas/techalerts/TA12-010A.html", - "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail", - "https://bugzilla.novell.com/show_bug.cgi?id=719047", - "https://bugzilla.redhat.com/show_bug.cgi?id=737506", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", - "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862", - "https://hermes.opensuse.org/messages/13154861", - "https://hermes.opensuse.org/messages/13155432", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752", - "https://usn.ubuntu.com/usn/usn-1263-1" - ], - "PublishedDate": "2011-09-06T19:55:00Z", - "LastModifiedDate": "2018-10-12T22:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-2566", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-2566", - "Title": "SSL/TLS: Attack against RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html", - "http://cr.yp.to/talks/2013.03.12/slides.pdf", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://marc.info/?l=bugtraq\u0026m=143039468003789\u0026w=2", - "http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4", - "http://security.gentoo.org/glsa/glsa-201406-19.xml", - "http://www.isg.rhul.ac.uk/tls/", - "http://www.mozilla.org/security/announce/2013/mfsa2013-103.html", - "http://www.opera.com/docs/changelogs/unified/1215/", - "http://www.opera.com/security/advisory/1046", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.securityfocus.com/bid/58796", - "http://www.ubuntu.com/usn/USN-2031-1", - "http://www.ubuntu.com/usn/USN-2032-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2566", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://security.gentoo.org/glsa/201504-01", - "https://usn.ubuntu.com/usn/usn-2031-1", - "https://usn.ubuntu.com/usn/usn-2032-1" - ], - "PublishedDate": "2013-03-15T21:55:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - 
"http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - 
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - 
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - 
"https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in 
the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - 
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0732", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0732", - "Title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang", - "Description": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). 
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0732.html", - "http://linux.oracle.com/errata/ELSA-2018-4249.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/104442", - "http://www.securitytracker.com/id/1041090", - "https://access.redhat.com/errata/RHSA-2018:2552", - "https://access.redhat.com/errata/RHSA-2018:2553", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", - "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-03", - "https://security.netapp.com/advisory/ntap-20181105-0001/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - 
"https://www.openssl.org/news/secadv/20180612.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-12", - "https://www.tenable.com/security/tns-2018-13", - "https://www.tenable.com/security/tns-2018-14", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-06-12T13:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0739", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0739", - "Title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service", - "Description": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). 
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0739.html", - "http://linux.oracle.com/errata/ELSA-2018-4228.html", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103518", - "http://www.securityfocus.com/bid/105609", - "http://www.securitytracker.com/id/1040576", - "https://access.redhat.com/errata/RHSA-2018:3090", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://access.redhat.com/errata/RHSA-2019:0367", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d", - "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", - "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-21", - "https://security.netapp.com/advisory/ntap-20180330-0002/", - "https://security.netapp.com/advisory/ntap-20180726-0002/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3611-1/", - "https://usn.ubuntu.com/3611-2/", - "https://usn.ubuntu.com/usn/usn-3611-1", - "https://usn.ubuntu.com/usn/usn-3611-2", - 
"https://www.debian.org/security/2018/dsa-4157", - "https://www.debian.org/security/2018/dsa-4158", - "https://www.openssl.org/news/secadv/20180327.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-04", - "https://www.tenable.com/security/tns-2018-06", - "https://www.tenable.com/security/tns-2018-07" - ], - "PublishedDate": "2018-03-27T21:29:00Z", - "LastModifiedDate": "2019-04-23T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 } }, "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - "http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - 
"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - "https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" + "https://access.redhat.com/security/cve/CVE-2020-29573", + "https://linux.oracle.com/cve/CVE-2020-29573.html", + "https://linux.oracle.com/errata/ELSA-2021-0348.html", + "https://security.gentoo.org/glsa/202101-20", + "https://security.netapp.com/advisory/ntap-20210122-0004/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=26649", + "https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html" ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" + "PublishedDate": "2020-12-06T00:15:00Z", + "LastModifiedDate": "2021-01-26T18:15:00Z" }, { "VulnerabilityID": "CVE-2019-1559", + "VendorIDs": [ + "RHSA-2019:2471" + ], "PkgName": "openssl", "InstalledVersion": "1.0.1e-57.el6", "FixedVersion": "1.0.1e-58.el6_10", 
@@ -23878,7 +131,7 @@ "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "Severity": "MEDIUM", "CweIDs": [ - "CWE-200" + "CWE-203" ], "CVSS": { "nvd": { 
@@ -23888,3435 +141,57 @@ "V3Score": 5.9 }, "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 } }, "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", "http://www.securityfocus.com/bid/107174", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://access.redhat.com/errata/RHSA-2019:2439", + "https://access.redhat.com/errata/RHSA-2019:2471", + "https://access.redhat.com/errata/RHSA-2019:3929", + "https://access.redhat.com/errata/RHSA-2019:3931", + "https://access.redhat.com/security/cve/CVE-2019-1559", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "https://github.com/RUB-NDS/TLS-Padding-Oracles", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://linux.oracle.com/cve/CVE-2019-1559.html", + "https://linux.oracle.com/errata/ELSA-2019-2471.html", "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "https://security.gentoo.org/glsa/201903-10", "https://security.netapp.com/advisory/ntap-20190301-0001/", "https://security.netapp.com/advisory/ntap-20190301-0002/", "https://security.netapp.com/advisory/ntap-20190423-0002/", "https://support.f5.com/csp/article/K18549143", + "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://ubuntu.com/security/notices/USN-3899-1", + "https://ubuntu.com/security/notices/USN-4376-2", "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", + "https://usn.ubuntu.com/4376-2/", "https://www.debian.org/security/2019/dsa-4400", "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://www.tenable.com/security/tns-2019-02", "https://www.tenable.com/security/tns-2019-03" ], "PublishedDate": "2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2011-1473", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2011-1473", - "Title": "openssl: DoS via repeated SSL session renegotiations", - "Description": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU 
consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html", - "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2", - "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html", - "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html", - "http://www.openwall.com/lists/oss-security/2011/07/08/2", - "https://bugzilla.redhat.com/show_bug.cgi?id=707065", - "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E" - ], - "PublishedDate": "2012-06-16T21:55:00Z", - "LastModifiedDate": "2019-05-27T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-3735", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-3735", - "Title": "openssl: Malformed X.509 IPAdressFamily could cause OOB read", - "Description": "While parsing an 
IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2017-3735.html", - "http://linux.oracle.com/errata/ELSA-2018-3221.html", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/100515", - "http://www.securitytracker.com/id/1039726", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735", - "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html", - "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc", - "https://security.gentoo.org/glsa/201712-03", - "https://security.netapp.com/advisory/ntap-20170927-0001/", - "https://security.netapp.com/advisory/ntap-20171107-0002/", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/3611-2/", - "https://usn.ubuntu.com/usn/usn-3475-1", - "https://usn.ubuntu.com/usn/usn-3611-2", - "https://www.debian.org/security/2017/dsa-4017", - "https://www.debian.org/security/2017/dsa-4018", - 
"https://www.openssl.org/news/secadv/20170828.txt", - "https://www.openssl.org/news/secadv/20171102.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2017-14", - "https://www.tenable.com/security/tns-2017-15" - ], - "PublishedDate": "2017-08-28T19:29:00Z", - "LastModifiedDate": "2019-04-23T19:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": "openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - 
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": "openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0737", - "PkgName": "openssl", - "InstalledVersion": "1.0.1e-57.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0737", - "Title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", - "Description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0737.html", - "http://linux.oracle.com/errata/ELSA-2018-4249.html", - "http://www.openwall.com/lists/oss-security/2018/04/16/3", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/103766", - "http://www.securitytracker.com/id/1040685", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f", - 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", - "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", - "https://security.gentoo.org/glsa/201811-21", - "https://security.netapp.com/advisory/ntap-20180726-0003/", - "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", - "https://usn.ubuntu.com/3628-1/", - "https://usn.ubuntu.com/3628-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/usn/usn-3628-1", - "https://usn.ubuntu.com/usn/usn-3628-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20180416.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-12", - "https://www.tenable.com/security/tns-2018-13", - "https://www.tenable.com/security/tns-2018-14", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-04-16T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-2583", - "PkgName": "pam", - "InstalledVersion": "1.1.1-24.el6", - "Layer": { - "DiffID": 
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2583", - "Title": "pam: path traversal issue in pam_timestamp's format_timestamp_name()", - "Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://secunia.com/advisories/57317", - "http://www.openwall.com/lists/oss-security/2014/03/24/5", - "http://www.openwall.com/lists/oss-security/2014/03/26", - "http://www.openwall.com/lists/oss-security/2014/03/26/10", - "http://www.openwall.com/lists/oss-security/2014/03/31/6", - "http://www.securityfocus.com/bid/66493", - "http://www.ubuntu.com/usn/USN-2935-1", - "http://www.ubuntu.com/usn/USN-2935-2", - "http://www.ubuntu.com/usn/USN-2935-3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583", - "https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8", - "https://security.gentoo.org/glsa/201605-05", - "https://usn.ubuntu.com/usn/usn-2935-1" - ], - "PublishedDate": "2014-04-10T20:29:00Z", - "LastModifiedDate": "2019-01-03T15:01:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7041", - "PkgName": "pam", - "InstalledVersion": "1.1.1-24.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7041", - "Title": 
"pam: pam_userdb case insensitive password hash comparison", - "Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2013/12/09/16", - "http://www.openwall.com/lists/oss-security/2013/12/09/5", - "http://www.securityfocus.com/bid/64180", - "http://www.ubuntu.com/usn/USN-2935-1", - "http://www.ubuntu.com/usn/USN-2935-2", - "http://www.ubuntu.com/usn/USN-2935-3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731368", - "https://bugzilla.redhat.com/show_bug.cgi?id=1038555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7041", - "https://security.gentoo.org/glsa/201605-05", - "https://usn.ubuntu.com/usn/usn-2935-1" - ], - "PublishedDate": "2014-05-08T14:29:00Z", - "LastModifiedDate": "2016-12-03T03:00:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - "http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": 
"CVE-2015-8386", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": 
"2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "pcre", - "InstalledVersion": "7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": 
"7.8-7.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps", - "InstalledVersion": "3.2.8-45.el6_9.3", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "FixedVersion": "2.6.6-68.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9365", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", - "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", - "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 
4.7 - } - }, - "References": [ - "http://bugs.python.org/issue22417", - "http://linux.oracle.com/cve/CVE-2014-9365.html", - "http://linux.oracle.com/errata/ELSA-2017-1868.html", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://seclists.org/oss-sec/2014/q4/1022", - "http://www.openwall.com/lists/oss-security/2014/12/11/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.securityfocus.com/bid/71639", - "https://access.redhat.com/errata/RHSA-2016:1166", - "https://access.redhat.com/errata/RHSA-2017:1162", - "https://access.redhat.com/errata/RHSA-2017:1868", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", - "https://security.gentoo.org/glsa/201503-10", - "https://support.apple.com/kb/HT205031", - "https://www.python.org/dev/peps/pep-0476/", - "https://www.python.org/downloads/release/python-279/" - ], - "PublishedDate": "2014-12-12T11:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1061", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - 
"https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? 
character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? 
character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", 
- "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3492", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", - "Title": "python accept() implementation in async core is broken", - "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - 
"V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue6706", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", - "http://www.openwall.com/lists/oss-security/2010/09/09/6", - "http://www.openwall.com/lists/oss-security/2010/09/11/2", - "http://www.openwall.com/lists/oss-security/2010/09/22/3", - "http://www.openwall.com/lists/oss-security/2010/09/24/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" - ], - "PublishedDate": "2010-10-19T20:00:00Z", - "LastModifiedDate": "2019-10-29T00:56:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5636", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", - "Title": "python: Heap overflow in zipimporter module", - "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.4, - "V3Score": 4.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5636.html", - "http://linux.oracle.com/errata/ELSA-2016-2586.html", - 
"http://rhn.redhat.com/errata/RHSA-2016-2586.html", - "http://www.openwall.com/lists/oss-security/2016/06/15/15", - "http://www.openwall.com/lists/oss-security/2016/06/16/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91247", - "http://www.securitytracker.com/id/1038138", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://bugs.python.org/issue26171", - "https://bugs.python.org/msg278228", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", - "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", - "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://security.gentoo.org/glsa/201701-18", - "https://usn.ubuntu.com/usn/usn-3134-1" - ], - "PublishedDate": "2016-09-02T14:59:00Z", - "LastModifiedDate": "2019-02-09T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic 
backtracking in apop() method in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": 
"2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "FixedVersion": "2.6.6-68.el6_10", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - 
"https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - 
"https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - 
"https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - 
"https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9365", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9365", - "Title": "python: failure to validate certificates in the HTTP client with TLS (PEP 476)", - "Description": "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 5.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 5.8, - "V3Score": 4.7 - } - }, - "References": [ - "http://bugs.python.org/issue22417", - "http://linux.oracle.com/cve/CVE-2014-9365.html", - "http://linux.oracle.com/errata/ELSA-2017-1868.html", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://seclists.org/oss-sec/2014/q4/1022", - "http://www.openwall.com/lists/oss-security/2014/12/11/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.securityfocus.com/bid/71639", - "https://access.redhat.com/errata/RHSA-2016:1166", - "https://access.redhat.com/errata/RHSA-2017:1162", - "https://access.redhat.com/errata/RHSA-2017:1868", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365", - "https://security.gentoo.org/glsa/201503-10", - "https://support.apple.com/kb/HT205031", - "https://www.python.org/dev/peps/pep-0476/", - "https://www.python.org/downloads/release/python-279/" - ], - "PublishedDate": "2014-12-12T11:59:00Z", - "LastModifiedDate": 
"2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-1061", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1061", - "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1061.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-06-19T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 
supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2010-3492", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2010-3492", - "Title": "python accept() implementation in async core is broken", - "Description": "The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes 
it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue6706", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215", - "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216", - "http://www.openwall.com/lists/oss-security/2010/09/09/6", - "http://www.openwall.com/lists/oss-security/2010/09/11/2", - "http://www.openwall.com/lists/oss-security/2010/09/22/3", - "http://www.openwall.com/lists/oss-security/2010/09/24/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492", - "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111" - ], - "PublishedDate": "2010-10-19T20:00:00Z", - "LastModifiedDate": "2019-10-29T00:56:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5636", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5636", - "Title": "python: Heap overflow in zipimporter module", - "Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.4, - "V3Score": 4.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-5636.html", - "http://linux.oracle.com/errata/ELSA-2016-2586.html", - "http://rhn.redhat.com/errata/RHSA-2016-2586.html", - "http://www.openwall.com/lists/oss-security/2016/06/15/15", - "http://www.openwall.com/lists/oss-security/2016/06/16/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91247", - "http://www.securitytracker.com/id/1038138", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://bugs.python.org/issue26171", - "https://bugs.python.org/msg278228", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", - "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", - "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", - "https://security.gentoo.org/glsa/201701-18", - "https://usn.ubuntu.com/usn/usn-3134-1" - ], - "PublishedDate": "2016-09-02T14:59:00Z", - "LastModifiedDate": "2019-02-09T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. 
The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1060", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1060", - "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", - "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1060.html", - "http://linux.oracle.com/errata/ELSA-2018-3041.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", - "http://www.securitytracker.com/id/1042001", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3041", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://bugs.python.org/issue32981", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", - "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", - "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "PublishedDate": "2018-06-18T14:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python-libs", - "InstalledVersion": "2.6.6-66.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - 
"https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-2524", - "PkgName": "readline", - "InstalledVersion": "6.0-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-2524", - "Title": "readline: insecure temporary file use in _rl_tropen()", - "Description": "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0319.html", - "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", - "http://seclists.org/oss-sec/2014/q1/579", - "http://seclists.org/oss-sec/2014/q1/587", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524", - "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html" - ], - "PublishedDate": "2014-08-20T14:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.0-4.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.8.0-59.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1113", - "PkgName": "setup", - "InstalledVersion": "2.8.14-23.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1113", - "Title": "setup: nologin listed in /etc/shells violates security expectations", - "Description": "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. 
Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1113.html", - "http://linux.oracle.com/errata/ELSA-2018-3249.html", - "https://access.redhat.com/errata/RHBA-2019:0327", - "https://access.redhat.com/errata/RHSA-2018:3249", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113" - ], - "PublishedDate": "2018-07-03T01:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4235", - "PkgName": "shadow-utils", - "InstalledVersion": "2:4.1.5.1-5.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235", - "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", - "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", - "Severity": "LOW", - "CweIDs": [ - "CWE-367" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 3.7, - "V3Score": 6.7 - } - }, - "References": [ - "https://access.redhat.com/security/cve/cve-2013-4235", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235", - "https://security-tracker.debian.org/tracker/CVE-2013-4235" - ], - "PublishedDate": "2019-12-03T15:15:00Z", - "LastModifiedDate": 
"2019-12-13T15:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: 
Tempdir selection vulnerability", - "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - 
"Description": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-13685", - "Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.6.20-1.el6_7.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - 
"https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": 
"CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.23-15.el6_8", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "FixedVersion": "2:7.4.629-5.el6_10.2", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. 
NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - "http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - 
], - "PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-5.el6_8.1", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4035", - "PkgName": "xz-libs", - "InstalledVersion": "4.999.9-0.5.beta.20091007git.el6", - "Layer": { - "DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4035", - "Title": "xzgrep: incorrect parsing of filenames containing a 
semicolon", - "Description": "scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2015/q2/484", - "http://www.openwall.com/lists/oss-security/2015/05/19/13", - "https://bugzilla.redhat.com/show_bug.cgi?id=1223341", - "https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f4b2b52624b802c786e4e2a8eb6895794dd93b24" - ], - "PublishedDate": "2017-07-25T18:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" + "LastModifiedDate": "2021-01-20T15:15:00Z" } ] } diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden index cbba834e6c..9983dea7f9 100644 --- a/integration/testdata/centos-7-ignore-unfixed.json.golden +++ b/integration/testdata/centos-7-ignore-unfixed.json.golden 
@@ -64,3448 +64,11 @@ "Class": "os-pkgs", "Type": "centos", "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.11.4-9.P2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. 
This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, 
- "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": 
"elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - 
"http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. 
(This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was 
discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": 
"2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - 
"PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - 
"FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - 
"https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - 
"FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": 
"2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-16.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - "http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - 
"https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, { "VulnerabilityID": "CVE-2019-1559", + "VendorIDs": [ + "RHSA-2019:2304" + ], "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", @@ -3518,7 +81,7 @@ "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "Severity": "MEDIUM", "CweIDs": [ - "CWE-200" + "CWE-203" ], "CVSS": { "nvd": { 
@@ -3528,42 +91,63 @@ "V3Score": 5.9 }, "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 } }, "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", "http://www.securityfocus.com/bid/107174", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://access.redhat.com/errata/RHSA-2019:2439", + "https://access.redhat.com/errata/RHSA-2019:2471", + "https://access.redhat.com/errata/RHSA-2019:3929", + "https://access.redhat.com/errata/RHSA-2019:3931", + "https://access.redhat.com/security/cve/CVE-2019-1559", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "https://github.com/RUB-NDS/TLS-Padding-Oracles", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://linux.oracle.com/cve/CVE-2019-1559.html", + "https://linux.oracle.com/errata/ELSA-2019-2471.html", "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "https://security.gentoo.org/glsa/201903-10", "https://security.netapp.com/advisory/ntap-20190301-0001/", "https://security.netapp.com/advisory/ntap-20190301-0002/", "https://security.netapp.com/advisory/ntap-20190423-0002/", "https://support.f5.com/csp/article/K18549143", + "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://ubuntu.com/security/notices/USN-3899-1", + "https://ubuntu.com/security/notices/USN-4376-2", "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", + "https://usn.ubuntu.com/4376-2/", "https://www.debian.org/security/2019/dsa-4400", "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://www.tenable.com/security/tns-2019-02", "https://www.tenable.com/security/tns-2019-03" ], "PublishedDate": "2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" + "LastModifiedDate": "2021-01-20T15:15:00Z" }, { "VulnerabilityID": "CVE-2018-0734", + "VendorIDs": [ + "RHSA-2019:2304" + ], "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", 
@@ -3576,7 +160,7 @@ "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "Severity": "LOW", "CweIDs": [ - "CWE-320" + "CWE-327" ], "CVSS": { "nvd": { 
@@ -3591,1138 +175,43 @@ } }, "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "http://www.securityfocus.com/bid/105758", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:3700", + "https://access.redhat.com/errata/RHSA-2019:3932", + "https://access.redhat.com/errata/RHSA-2019:3933", + "https://access.redhat.com/errata/RHSA-2019:3935", + "https://access.redhat.com/security/cve/CVE-2018-0734", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://linux.oracle.com/cve/CVE-2018-0734.html", + "https://linux.oracle.com/errata/ELSA-2019-3700.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "https://security.netapp.com/advisory/ntap-20181105-0002/", "https://security.netapp.com/advisory/ntap-20190118-0002/", "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://ubuntu.com/security/notices/USN-3840-1", "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", 
"https://www.debian.org/security/2018/dsa-4348", "https://www.debian.org/security/2018/dsa-4355", "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/security-alerts/cpuapr2020.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://www.tenable.com/security/tns-2018-16", "https://www.tenable.com/security/tns-2018-17" ], "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "FixedVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit 
d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. 
The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", 
- "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": 
"python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - 
"https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is 
affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": 
"2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" 
- }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. 
This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. 
User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" + "LastModifiedDate": "2020-08-24T17:37:00Z" } ] } diff --git a/integration/testdata/centos-7-low-high.json.golden b/integration/testdata/centos-7-low-high.json.golden deleted file mode 100644 index a25c66cfd9..0000000000 
--- a/integration/testdata/centos-7-low-high.json.golden
+++ /dev/null
@@ -1,2588 +0,0 @@ -{ - "SchemaVersion": 2, - "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "centos", - "Name": "7.6.1810" - }, - "ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1", - "DiffIDs": [ - "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - ], - "ImageConfig": { - "architecture": "amd64", - "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892", - "created": "2019-03-14T21:19:53.361167852Z", - "docker_version": "18.06.1-ce", - "history": [ - { - "created": "2019-03-14T21:19:52.66982152Z", - "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / " - }, - { - "created": "2019-03-14T21:19:53.099141434Z", - "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305", - "empty_layer": true - }, - { - "created": "2019-03-14T21:19:53.361167852Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - ] - }, - "config": { - "Cmd": [ - "/bin/bash" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ], - "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8", - "Labels": { - "org.label-schema.build-date": "20190305", - "org.label-schema.license": "GPLv2", - "org.label-schema.name": "CentOS Base Image", - "org.label-schema.schema-version": "1.0", - "org.label-schema.vendor": "CentOS" - }, - "ArgsEscaped": true - } - } - }, - "Results": [ - { - "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", - "Class": "os-pkgs", - "Type": 
"centos", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). 
This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a 
heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based 
buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, 
- "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - 
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": 
"elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": 
"elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - 
], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid 
Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to 
an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - 
"https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - 
"Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": 
"2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - 
"https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": 
"nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0734", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0734", - "Title": 
"openssl: timing side channel attack in the DSA signature algorithm", - "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", - "http://www.securityfocus.com/bid/105758", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://security.netapp.com/advisory/ntap-20190118-0002/", - "https://security.netapp.com/advisory/ntap-20190423-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.openssl.org/news/secadv/20181030.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 
2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": 
"HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - } - ] - } - ] -} \ No newline at end of file diff --git a/integration/testdata/centos-7-medium.json.golden b/integration/testdata/centos-7-medium.json.golden new file mode 100644 index 0000000000..afb9383858 --- /dev/null 
+++ b/integration/testdata/centos-7-medium.json.golden 
@@ -0,0 +1,149 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/images/centos-7.tar.gz", + "ArtifactType": "container_image", + "Metadata": { + "OS": { + "Family": "centos", + "Name": "7.6.1810" + }, + "ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1", + "DiffIDs": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ], + "ImageConfig": { + "architecture": "amd64", + "container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892", + "created": "2019-03-14T21:19:53.361167852Z", + "docker_version": "18.06.1-ce", + "history": [ + { + "created": "2019-03-14T21:19:52.66982152Z", + "created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / " + }, + { + "created": "2019-03-14T21:19:53.099141434Z", + "created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305", + "empty_layer": true + }, + { + "created": "2019-03-14T21:19:53.361167852Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + ] + }, + "config": { + "Cmd": [ + "/bin/bash" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8", + "Labels": { + "org.label-schema.build-date": "20190305", + "org.label-schema.license": "GPLv2", + "org.label-schema.name": "CentOS Base Image", + "org.label-schema.schema-version": "1.0", + "org.label-schema.vendor": "CentOS" + }, + "ArgsEscaped": true + } + } + }, + "Results": [ + { + "Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)", + "Class": "os-pkgs", + "Type": 
"centos", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-1559", + "VendorIDs": [ + "RHSA-2019:2304" + ], + "PkgName": "openssl-libs", + "InstalledVersion": "1:1.0.2k-16.el7", + "FixedVersion": "1:1.0.2k-19.el7", + "Layer": { + "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" + }, + "SeveritySource": "redhat", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559", + "Title": "openssl: 0-byte record padding oracle", + "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", + "http://www.securityfocus.com/bid/107174", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://access.redhat.com/errata/RHSA-2019:2439", + "https://access.redhat.com/errata/RHSA-2019:2471", + "https://access.redhat.com/errata/RHSA-2019:3929", + "https://access.redhat.com/errata/RHSA-2019:3931", + "https://access.redhat.com/security/cve/CVE-2019-1559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", + "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://linux.oracle.com/cve/CVE-2019-1559.html", + "https://linux.oracle.com/errata/ELSA-2019-2471.html", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", + "https://security.gentoo.org/glsa/201903-10", + "https://security.netapp.com/advisory/ntap-20190301-0001/", + "https://security.netapp.com/advisory/ntap-20190301-0002/", + "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://support.f5.com/csp/article/K18549143", + "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://ubuntu.com/security/notices/USN-3899-1", + "https://ubuntu.com/security/notices/USN-4376-2", + "https://usn.ubuntu.com/3899-1/", + "https://usn.ubuntu.com/4376-2/", + "https://www.debian.org/security/2019/dsa-4400", + "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", + "https://www.tenable.com/security/tns-2019-02", + "https://www.tenable.com/security/tns-2019-03" + ], + "PublishedDate": "2019-02-27T23:29:00Z", + "LastModifiedDate": "2021-01-20T15:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden index d1fd1c5738..c77474e8b3 100644 --- a/integration/testdata/centos-7.json.golden +++ b/integration/testdata/centos-7.json.golden 
@@ -64,120 +64,6 @@ "Class": "os-pkgs", "Type": "centos", "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.8.4-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6711", - "PkgName": "bash", - "InstalledVersion": "4.2.46-31.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", - "Title": "bash: heap-based buffer overflow during echo of unsupported characters", - "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. 
A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", - "http://www.securityfocus.com/bid/108824", - "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" - ], - "PublishedDate": "2019-06-18T18:15:00Z", - "LastModifiedDate": "2019-06-20T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.2.46-31.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, { "VulnerabilityID": "CVE-2019-18276", "PkgName": "bash", @@ -196,7 +82,9 @@ "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
@@ -205,24544 +93,24 @@ }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://linux.oracle.com/cve/CVE-2019-18276.html", + "https://linux.oracle.com/errata/ELSA-2021-1679.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://security.gentoo.org/glsa/202105-34", + "https://security.netapp.com/advisory/ntap-20200430-0003/", "https://www.youtube.com/watch?v=-wGtxJ8opa8" ], "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5743", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.9.4-74.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5743", - "Title": "bind: Limiting simultaneous TCP clients is ineffective", - "Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "V3Score": 8.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5743.html", - "http://linux.oracle.com/errata/ELSA-2019-1492.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", - "https://kb.isc.org/docs/cve-2018-5743", - "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-3956-1", - "https://usn.ubuntu.com/usn/usn-3956-2", - "https://www.synology.com/security/advisory/Synology_SA_19_20" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5741", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "FixedVersion": "32:9.11.4-9.P2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5741", - "Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies", - "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. 
This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5741.html", - "http://linux.oracle.com/errata/ELSA-2019-2057.html", - "http://www.securityfocus.com/bid/105379", - "http://www.securitytracker.com/id/1041674", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", - "https://kb.isc.org/docs/cve-2018-5741", - "https://security.gentoo.org/glsa/201903-13", - "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us" - ], - "PublishedDate": "2019-01-16T20:29:00Z", - "LastModifiedDate": "2019-07-26T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6477", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6477", - "Title": "bind: TCP Pipelining doesn't limit TCP clients on a single connection", - "Description": "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. 
When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477", - "https://kb.isc.org/docs/cve-2019-6477", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/", - "https://support.f5.com/csp/article/K15840535?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://usn.ubuntu.com/usn/usn-4197-1", - "https://www.synology.com/security/advisory/Synology_SA_19_39" - ], - "PublishedDate": "2019-11-26T16:15:00Z", - "LastModifiedDate": "2019-12-18T18:30:00Z" - }, - { - "VulnerabilityID": "CVE-2013-5661", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-5661", - "Title": "DNS response rate limiting can simplify cache poisoning attacks", - "Description": "Cache Poisoning issue exists in DNS Response Rate Limiting.", - "Severity": "LOW", - "CweIDs": [ - "CWE-290" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661", - "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661", - "https://security-tracker.debian.org/tracker/CVE-2013-5661" - ], - "PublishedDate": "2019-11-05T19:15:00Z", - "LastModifiedDate": "2019-11-08T19:04:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6170", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6170", - "Title": "bind: Improper restriction of zone size limit", - "Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4, - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/06/3", - "http://www.securityfocus.com/bid/91611", - "http://www.securitytracker.com/id/1036241", - "https://bugzilla.redhat.com/show_bug.cgi?id=1353563", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170", - "https://github.com/sischkg/xfer-limit/blob/master/README.md", - "https://kb.isc.org/article/AA-01390", - 
"https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html", - "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html", - "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html", - "https://security.gentoo.org/glsa/201610-07" - ], - "PublishedDate": "2016-07-06T14:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5745", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5745", - "Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys", - "Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.", - "Severity": "LOW", - "CweIDs": [ - "CWE-327" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V2Score": 3.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 4.9 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5745.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", - "https://kb.isc.org/docs/cve-2018-5745", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-6465", - "PkgName": "bind-license", - "InstalledVersion": "32:9.9.4-73.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6465", - "Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable", - "Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. 
Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.", - "Severity": "LOW", - "CweIDs": [ - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-6465.html", - "http://linux.oracle.com/errata/ELSA-2019-3552.html", - "https://access.redhat.com/errata/RHSA-2019:3552", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", - "https://kb.isc.org/docs/cve-2019-6465", - "https://usn.ubuntu.com/usn/usn-3893-1", - "https://usn.ubuntu.com/usn/usn-3893-2" - ], - "PublishedDate": "2019-10-09T16:15:00Z", - "LastModifiedDate": "2019-12-16T16:57:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": 
"2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000876", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000876", - "Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump", - "Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. 
Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1000876.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/106304", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23994", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f" - ], - "PublishedDate": "2018-12-20T17:29:00Z", - "LastModifiedDate": "2019-08-06T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 
- }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9074", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", - "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", - "https://support.f5.com/csp/article/K09092524" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9075", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9075", - "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in 
archive64.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", - "https://support.f5.com/csp/article/K42059040" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - 
"LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - "Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - "Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer 
overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { 
- "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - 
"PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - 
"V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9743", 
- "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - "https://security.gentoo.org/glsa/201801-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": 
"2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12641", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12641", - "Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty", - "Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. 
This can occur during execution of nm-new.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12641.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23058" - ], - "PublishedDate": "2018-06-22T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12697", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "FixedVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12697", - "Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.", - "Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-12697.html", - "http://linux.oracle.com/errata/ELSA-2019-2075.html", - "http://www.securityfocus.com/bid/104538", - "https://access.redhat.com/errata/RHSA-2019:2075", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": 
{ - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010204", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", - "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", - "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125", - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190822-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17450", - "PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", - "Title": "binutils: denial of service via crafted ELF file", - "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17451", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-34.base.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", - "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - 
"https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - 
"Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", 
- "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.22-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14866", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", - "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", - "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", - "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", - "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", - "https://usn.ubuntu.com/usn/usn-4176-1" - ], - "PublishedDate": "2020-01-07T17:15:00Z", - "LastModifiedDate": "2020-01-10T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - 
}, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19906", - "PkgName": "cyrus-sasl-lib", - "InstalledVersion": "2.1.26-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", - "Title": "cyrus-sasl: denial of service in _sasl_add_string function", - "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", - "https://github.com/cyrusimap/cyrus-sasl/issues/587", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", - "https://seclists.org/bugtraq/2019/Dec/42", - "https://usn.ubuntu.com/4256-1/", - "https://usn.ubuntu.com/usn/usn-4256-1", - "https://www.debian.org/security/2019/dsa-4591", - "https://www.openldap.org/its/index.cgi/Incoming?id=9123" - ], - "PublishedDate": "2019-12-19T18:15:00Z", - "LastModifiedDate": "2020-01-30T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect 
of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", 
- "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x 
through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - 
"Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file 
descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message 
containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - 
"https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-12.el7", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4484", - "PkgName": "dracut", - "InstalledVersion": "033-554.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", - "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", - "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", - "http://www.openwall.com/lists/oss-security/2016/11/14/13", - "http://www.openwall.com/lists/oss-security/2016/11/15/1", - "http://www.openwall.com/lists/oss-security/2016/11/15/4", - "http://www.openwall.com/lists/oss-security/2016/11/16/6", - "http://www.securityfocus.com/bid/94315", - "https://access.redhat.com/articles/2786581", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", - "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" - ], - "PublishedDate": "2017-01-23T21:59:00Z", - "LastModifiedDate": "2017-01-26T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - 
"PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service 
(double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - 
"http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - 
"InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in 
elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": 
"0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in 
dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - 
"LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18520", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": 
"redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - "Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - 
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libs", - 
"InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in 
elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - 
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16062", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16062", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file", - "Description": "dwarf_getaranges in dwarf_getaranges.c 
in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16062.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23541", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-08-29T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16402", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16402", - "Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash", - "Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16402.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16403", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16403", - "Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash", - "Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16403.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-09-03T19:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18310", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18310", - "Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl", - "Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18310.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23752", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-15T02:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-18520", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18520", - "Title": "elfutils: eu-size cannot handle recursive ar files", - "Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18520.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23787", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18521", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18521", - 
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c", - "Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18521.html", - "http://linux.oracle.com/errata/ELSA-2019-2197.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23786", - "https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2018-10-19T17:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7149", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7149", - "Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw", - "Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7149.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24102", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7150", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7150", - "Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c", - "Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7150.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24103", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-01-29T00:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7664", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7664", - "Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h", - "Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7664.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://access.redhat.com/errata/RHSA-2019:2197", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24084" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-7665", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.172-2.el7", - "FixedVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-7665", - "Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c", - "Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-7665.html", - "http://linux.oracle.com/errata/ELSA-2019-3575.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24089", - "https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html", - "https://usn.ubuntu.com/4012-1/", - "https://usn.ubuntu.com/usn/usn-4012-1" - ], - "PublishedDate": "2019-02-09T16:29:00Z", - "LastModifiedDate": "2019-06-10T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - 
"References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4472", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", - "Title": "expat: Undefined behavior and pointer overflows", - "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/91528", - "http://www.ubuntu.com/usn/USN-3013-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", - "https://security.gentoo.org/glsa/201701-21", - "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-11-03T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9233", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", - "Title": "expat: Inifinite loop due to invalid XML in external entity", - "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3898", - "http://www.openwall.com/lists/oss-security/2017/06/17/7", - "http://www.securityfocus.com/bid/99276", - "http://www.securitytracker.com/id/1039427", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", - "https://github.com/libexpat/libexpat/blob/master/expat/Changes", - "https://libexpat.github.io/doc/cve-2017-9233/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://support.f5.com/csp/article/K03244804", - "https://usn.ubuntu.com/usn/usn-3356-1", - "https://usn.ubuntu.com/usn/usn-3356-2" - ], - "PublishedDate": "2017-07-25T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20843", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", - "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", - "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", - "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", - "https://github.com/libexpat/libexpat/issues/186", - "https://github.com/libexpat/libexpat/pull/262", - "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", - "https://seclists.org/bugtraq/2019/Jun/39", - "https://security.netapp.com/advisory/ntap-20190703-0001/", - "https://usn.ubuntu.com/4040-1/", - "https://usn.ubuntu.com/4040-2/", - "https://usn.ubuntu.com/usn/usn-4040-1", - "https://usn.ubuntu.com/usn/usn-4040-2", - "https://www.debian.org/security/2019/dsa-4472" - ], - "PublishedDate": "2019-06-24T17:15:00Z", - "LastModifiedDate": "2019-06-26T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15903", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", - "Title": "expat: heap-based buffer over-read via crafted XML input", - "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15903.html", - "http://linux.oracle.com/errata/ELSA-2019-3237.html", - "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", - "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", - "https://github.com/libexpat/libexpat/issues/317", - "https://github.com/libexpat/libexpat/issues/342", - "https://github.com/libexpat/libexpat/pull/318", - "https://seclists.org/bugtraq/2019/Sep/30", - "https://usn.ubuntu.com/4132-1/", - "https://usn.ubuntu.com/4132-2/", - "https://usn.ubuntu.com/usn/usn-4132-1", - "https://usn.ubuntu.com/usn/usn-4132-2", - "https://usn.ubuntu.com/usn/usn-4165-1", - "https://usn.ubuntu.com/usn/usn-4202-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" - ], - "PublishedDate": "2019-09-04T06:15:00Z", - "LastModifiedDate": "2019-09-12T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9620", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", - "Title": "file: limit the number of ELF notes processed", - "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0040.html", - "http://linux.oracle.com/cve/CVE-2014-9620.html", - "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
- "http://mx.gw.com/pipermail/file/2014/001653.html", - "http://mx.gw.com/pipermail/file/2015/001660.html", - "http://rhn.redhat.com/errata/RHSA-2016-0760.html", - "http://www.debian.org/security/2015/dsa-3121", - "http://www.openwall.com/lists/oss-security/2015/01/17/9", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/71715", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", - "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", - "https://security.gentoo.org/glsa/201503-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/usn/usn-3686-1" - ], - "PublishedDate": "2015-01-21T18:59:00Z", - "LastModifiedDate": "2018-06-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { 
- "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2328", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", - "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", - "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2328.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - 
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.fortiguard.com/advisory/FG-VD-15-014/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1515", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - 
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - 
"https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8391", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", - "Title": "pcre: inefficient posix character class syntax check (8.38/16)", - "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", - "V2Score": 9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8391.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - 
"https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: 
g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in 
the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { 
- "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13012", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", - "Title": "glib2: insecure permissions for files and directories", - "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). 
Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.", - "Severity": "LOW", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", - "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", - "https://gitlab.gnome.org/GNOME/glib/issues/1658", - "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", - "https://security.netapp.com/advisory/ntap-20190806-0003/", - "https://usn.ubuntu.com/4049-1/", - "https://usn.ubuntu.com/4049-2/", - "https://usn.ubuntu.com/usn/usn-4049-1", - "https://usn.ubuntu.com/usn/usn-4049-2", - "https://usn.ubuntu.com/usn/usn-4049-3", - "https://usn.ubuntu.com/usn/usn-4049-4" - ], - "PublishedDate": "2019-06-28T15:15:00Z", - "LastModifiedDate": "2019-07-29T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc 
or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to 
computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - 
"V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { 
- "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - 
"http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", 
- "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 
- } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the 
LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", 
- "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10739", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "FixedVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10739", - "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-10739.html", - "http://linux.oracle.com/errata/ELSA-2019-3513.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html", - "http://www.securityfocus.com/bid/106672", - "https://access.redhat.com/errata/RHSA-2019:2118", - "https://bugzilla.redhat.com/show_bug.cgi?id=1347549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20018" - ], - "PublishedDate": "2019-01-21T19:29:00Z", - "LastModifiedDate": 
"2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", 
- "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-260.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - "http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.3.2-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - 
"https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - 
"LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15088", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", - "Title": "krb5: Buffer overflow in get_matching_data()", - "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101594", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", - "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", - "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", - "https://github.com/krb5/krb5/pull/707" - ], - "PublishedDate": "2017-11-23T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:24:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - "References": 
[ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": 
"2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", 
- "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-13.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - 
"V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-51.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14618", - "Title": "curl: NTLM password overflow via integer overflow", - "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. 
On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14618.html", - "http://linux.oracle.com/errata/ELSA-2019-1880.html", - "http://www.securitytracker.com/id/1041605", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", - "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", - "https://curl.haxx.se/docs/CVE-2018-14618.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618", - "https://github.com/curl/curl/issues/2756", - "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3765-1/", - "https://usn.ubuntu.com/3765-2/", - "https://usn.ubuntu.com/usn/usn-3765-1", - "https://usn.ubuntu.com/usn/usn-3765-2", - "https://www.debian.org/security/2018/dsa-4286" - ], - "PublishedDate": "2018-09-05T19:29:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16842", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "FixedVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16842", - "Title": "curl: 
Heap-based buffer over-read in the curl tool warning formatting", - "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16842.html", - "http://linux.oracle.com/errata/ELSA-2019-2181.html", - "http://www.securitytracker.com/id/1042014", - "https://access.redhat.com/errata/RHSA-2019:2181", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", - "https://curl.haxx.se/docs/CVE-2018-16842.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", - "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201903-03", - "https://usn.ubuntu.com/3805-1/", - "https://usn.ubuntu.com/3805-2/", - "https://usn.ubuntu.com/usn/usn-3805-1", - "https://usn.ubuntu.com/usn/usn-3805-2", - "https://www.debian.org/security/2018/dsa-4331" - ], - "PublishedDate": "2018-10-31T19:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-51.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code 
execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb", - "InstalledVersion": "5.3.21-24.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 
- } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb-utils", - "InstalledVersion": "5.3.21-24.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - 
"PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as 
distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: 
Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": 
"AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in 
cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - 
"http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - 
"https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - 
"http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libsmartcols", - "InstalledVersion": 
"2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3855", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3855", - "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3855.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3855.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - 
"LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3856", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856", - "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write", - "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3856.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3856.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3857", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857", - "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write", - "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3857.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", 
- "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3857.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3863", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.2", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863", - "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes", - "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3863.html", - "http://linux.oracle.com/errata/ELSA-2019-1652.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://access.redhat.com/errata/RHSA-2019:0679", - "https://access.redhat.com/errata/RHSA-2019:1175", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3863.html" - ], - "PublishedDate": "2019-03-25T18:29:00Z", - "LastModifiedDate": "2019-05-14T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13115", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", - "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", - "Description": "In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "V2Score": 5.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://blog.semmle.com/libssh2-integer-overflow/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", - "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", - "https://github.com/libssh2/libssh2/pull/350", - "https://libssh2.org/changes.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" - ], - "PublishedDate": "2019-07-16T18:15:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. 
A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3858", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3858", - "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3858.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", - "https://github.com/libssh2/libssh2/pull/316", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3858.html" - ], - "PublishedDate": "2019-03-21T21:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - 
"InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3861", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3861", - "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3861.html", - "http://linux.oracle.com/errata/ELSA-2019-2136.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3861.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3861.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3862", - "PkgName": "libssh2", - "InstalledVersion": "1.4.3-12.el7", - "FixedVersion": "1.4.3-12.el7_6.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862", - "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the 
way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-3862.html", - "http://linux.oracle.com/errata/ELSA-2019-4693.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3862.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://seclists.org/bugtraq/2019/Apr/25", - "https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3862.html" - ], - "PublishedDate": 
"2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in 
demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - 
"https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-36.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based 
buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - 
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - "https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6003", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", - "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", - "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", - "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", - "https://bugzilla.suse.com/show_bug.cgi?id=1076832", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", - "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2018-01-22T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", 
- "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
- "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - 
"LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - 
], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - 
"PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2-python", - 
"InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", - "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", 
- "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-15.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - "http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "lz4", - "InstalledVersion": "1.7.5-2.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, 
- { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nspr", - "InstalledVersion": "4.19.0-1.el7_5", - "FixedVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": 
"3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - 
"https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - 
"http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - 
"http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - 
"http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - 
"https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - 
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - "https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public 
keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper 
refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter validation 
in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - 
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a 
memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - 
"https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - 
"https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - 
"https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - 
"http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 
and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - 
"https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.36.0-5.el7_5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security 
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - 
"https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - 
"InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to 
improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": 
"3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - "https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - 
"Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH 
public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper 
refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-tools", - "InstalledVersion": "3.36.0-7.1.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0495", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0495", - "Title": "ROHNP: Key 
Extraction Side Channel in Multiple Crypto Libraries", - "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0495.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://www.securitytracker.com/id/1041144", - "http://www.securitytracker.com/id/1041147", - "https://access.redhat.com/errata/RHSA-2018:3221", - "https://access.redhat.com/errata/RHSA-2018:3505", - "https://access.redhat.com/errata/RHSA-2019:1296", - "https://access.redhat.com/errata/RHSA-2019:1297", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", - "https://dev.gnupg.org/T4011", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", - "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", - "https://usn.ubuntu.com/3689-1/", - "https://usn.ubuntu.com/3689-2/", - "https://usn.ubuntu.com/3692-1/", - "https://usn.ubuntu.com/3692-2/", - "https://usn.ubuntu.com/3850-1/", - "https://usn.ubuntu.com/3850-2/", - "https://usn.ubuntu.com/usn/usn-3689-1", - 
"https://usn.ubuntu.com/usn/usn-3689-2", - "https://usn.ubuntu.com/usn/usn-3692-1", - "https://usn.ubuntu.com/usn/usn-3692-2", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2", - "https://www.debian.org/security/2018/dsa-4231", - "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" - ], - "PublishedDate": "2018-06-13T23:29:00Z", - "LastModifiedDate": "2019-05-30T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12404", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-3.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12404", - "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", - "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://cat.eyalro.net/", - "http://linux.oracle.com/cve/CVE-2018-12404.html", - "http://linux.oracle.com/errata/ELSA-2019-2237.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", - "http://www.securityfocus.com/bid/107260", - "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes", - "https://usn.ubuntu.com/usn/usn-3850-1", - "https://usn.ubuntu.com/usn/usn-3850-2" - ], - "PublishedDate": "2019-05-02T17:29:00Z", - "LastModifiedDate": "2019-07-20T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.36.0-1.1.el7_6", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 
allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13057", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", - "Title": "openldap: Information disclosure issue in slapd component", - "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. 
(It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 3.5, - "V3Score": 4.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9038", - "https://security.netapp.com/advisory/ntap-20190822-0004/", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/?findid=9038", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-08-19T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13565", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", - "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", - "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. 
Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9052", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/index.cgi/?findid=9052", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-09-24T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the 
chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - 
"http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - 
"http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-5407", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "FixedVersion": "1:1.0.2k-16.el7_6.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5407", - "Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", - "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-5407.html", - 
"http://linux.oracle.com/errata/ELSA-2019-2125.html", - "http://www.securityfocus.com/bid/105897", - "https://access.redhat.com/errata/RHSA-2019:0483", - "https://access.redhat.com/errata/RHSA-2019:0651", - "https://access.redhat.com/errata/RHSA-2019:0652", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", - "https://eprint.iacr.org/2018/1060.pdf", - "https://github.com/bbbrumley/portsmash", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.gentoo.org/glsa/201903-10", - "https://security.netapp.com/advisory/ntap-20181126-0001/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.debian.org/security/2018/dsa-4355", - "https://www.exploit-db.com/exploits/45785/", - "https://www.openssl.org/news/secadv/20181112.txt", - "https://www.openwall.com/lists/oss-security/2018/11/01/4", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.tenable.com/security/tns-2018-16", - "https://www.tenable.com/security/tns-2018-17" - ], - "PublishedDate": "2018-11-15T21:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. 
However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" + "LastModifiedDate": "2021-05-26T12:15:00Z" }, { 
"VulnerabilityID": "CVE-2019-1559", + "VendorIDs": [ + "RHSA-2019:2304" + ], "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", @@ -24755,7 +123,7 @@ "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "Severity": "MEDIUM", "CweIDs": [ - "CWE-200" + "CWE-203" ], "CVSS": { "nvd": { 
@@ -24765,42 +133,63 @@ "V3Score": 5.9 }, "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V3Score": 6.8 + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 } }, "References": [ - "http://linux.oracle.com/cve/CVE-2019-1559.html", - "http://linux.oracle.com/errata/ELSA-2019-2471.html", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", "http://www.securityfocus.com/bid/107174", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:2437", + "https://access.redhat.com/errata/RHSA-2019:2439", + "https://access.redhat.com/errata/RHSA-2019:2471", + "https://access.redhat.com/errata/RHSA-2019:3929", + "https://access.redhat.com/errata/RHSA-2019:3931", + "https://access.redhat.com/security/cve/CVE-2019-1559", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "https://github.com/RUB-NDS/TLS-Padding-Oracles", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", + "https://linux.oracle.com/cve/CVE-2019-1559.html", + "https://linux.oracle.com/errata/ELSA-2019-2471.html", "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "https://security.gentoo.org/glsa/201903-10", "https://security.netapp.com/advisory/ntap-20190301-0001/", "https://security.netapp.com/advisory/ntap-20190301-0002/", "https://security.netapp.com/advisory/ntap-20190423-0002/", "https://support.f5.com/csp/article/K18549143", + "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS", + "https://ubuntu.com/security/notices/USN-3899-1", + "https://ubuntu.com/security/notices/USN-4376-2", "https://usn.ubuntu.com/3899-1/", - "https://usn.ubuntu.com/usn/usn-3899-1", + "https://usn.ubuntu.com/4376-2/", "https://www.debian.org/security/2019/dsa-4400", "https://www.openssl.org/news/secadv/20190226.txt", + "https://www.oracle.com/security-alerts/cpujan2020.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", + "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://www.tenable.com/security/tns-2019-02", "https://www.tenable.com/security/tns-2019-03" ], "PublishedDate": "2019-02-27T23:29:00Z", - "LastModifiedDate": "2019-05-22T00:29:00Z" + "LastModifiedDate": "2021-01-20T15:15:00Z" }, { "VulnerabilityID": "CVE-2018-0734", + "VendorIDs": [ + "RHSA-2019:2304" + ], "PkgName": "openssl-libs", "InstalledVersion": "1:1.0.2k-16.el7", "FixedVersion": "1:1.0.2k-19.el7", 
@@ -24813,7 +202,7 @@ "Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "Severity": "LOW", "CweIDs": [ - "CWE-320" + "CWE-327" ], "CVSS": { "nvd": { 
@@ -24828,4569 +217,43 @@ } }, "References": [ - "http://linux.oracle.com/cve/CVE-2018-0734.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "http://www.securityfocus.com/bid/105758", + "https://access.redhat.com/errata/RHSA-2019:2304", + "https://access.redhat.com/errata/RHSA-2019:3700", + "https://access.redhat.com/errata/RHSA-2019:3932", + "https://access.redhat.com/errata/RHSA-2019:3933", + "https://access.redhat.com/errata/RHSA-2019:3935", + "https://access.redhat.com/security/cve/CVE-2018-0734", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", + "https://linux.oracle.com/cve/CVE-2018-0734.html", + "https://linux.oracle.com/errata/ELSA-2019-3700.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "https://security.netapp.com/advisory/ntap-20181105-0002/", "https://security.netapp.com/advisory/ntap-20190118-0002/", "https://security.netapp.com/advisory/ntap-20190423-0002/", + "https://ubuntu.com/security/notices/USN-3840-1", "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", 
"https://www.debian.org/security/2018/dsa-4348", "https://www.debian.org/security/2018/dsa-4355", "https://www.openssl.org/news/secadv/20181030.txt", + "https://www.oracle.com/security-alerts/cpuapr2020.html", + "https://www.oracle.com/security-alerts/cpujan2020.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://www.tenable.com/security/tns-2018-16", "https://www.tenable.com/security/tns-2018-17" ], "PublishedDate": "2018-10-30T12:29:00Z", - "LastModifiedDate": "2019-06-11T22:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": "openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - 
"Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-16.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8380", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", - "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", - "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/77695", - "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1637", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in 
subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8393", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", - "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", - "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - 
"PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6004", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", - "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", - "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96295", - "http://www.securitytracker.com/id/1037850", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://bugs.exim.org/show_bug.cgi?id=2035", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", - "https://security.gentoo.org/glsa/201706-11", - "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" - ], - "PublishedDate": "2017-02-16T11:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7186", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", - "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", - "Description": 
"libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97030", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", - "https://bugs.exim.org/show_bug.cgi?id=2052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", - "https://security.gentoo.org/glsa/201710-09", - "https://security.gentoo.org/glsa/201710-25", - "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" - ], - "PublishedDate": "2017-03-20T00:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the 
/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - "http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when 
processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", 
- "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted 
file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1122", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "FixedVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1122", - "Title": "procps-ng, procps: Local privilege escalation in top", - "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. 
If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-1122.html", - "http://linux.oracle.com/errata/ELSA-2019-2189.html", - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://access.redhat.com/errata/RHSA-2019:2189", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-23.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. 
When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; 
Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow 
remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial 
of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - 
"https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 
3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - 
"Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to 
urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable denial-of-service vulnerability 
exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in Python 
2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", 
- "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-10160", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-80.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10160", - "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", - "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to 
exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-10160.html", - "http://linux.oracle.com/errata/ELSA-2019-1587.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html", - "https://access.redhat.com/errata/RHSA-2019:1587", - "https://access.redhat.com/errata/RHSA-2019:1700", - "https://access.redhat.com/errata/RHSA-2019:2437", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", - "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", - "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", - "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", - "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", - "https://security.netapp.com/advisory/ntap-20190617-0003/", - "https://usn.ubuntu.com/4127-1/", - "https://usn.ubuntu.com/4127-2/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-06-07T18:29:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9636", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-77.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9636", - "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", - "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 9.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9636.html", - "http://linux.oracle.com/errata/ELSA-2019-1467.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107400", - "https://access.redhat.com/errata/RHBA-2019:0959", - "https://access.redhat.com/errata/RHSA-2019:0710", - "https://access.redhat.com/errata/RHSA-2019:0765", - "https://access.redhat.com/errata/RHSA-2019:0806", - "https://access.redhat.com/errata/RHSA-2019:0902", - "https://access.redhat.com/errata/RHSA-2019:0981", - "https://access.redhat.com/errata/RHSA-2019:0997", - "https://access.redhat.com/errata/RHSA-2019:1467", - "https://bugs.python.org/issue36216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", - "https://github.com/python/cpython/pull/12201", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", - "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", - "https://security.netapp.com/advisory/ntap-20190517-0001/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-08T21:29:00Z", - "LastModifiedDate": "2019-06-13T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder 
Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other 
products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers 
to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", 
- "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - "https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14647", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14647", - "Title": "python: Missing salt initialization in _elementtree.c module", - "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. 
Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-909" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-14647.html", - "http://linux.oracle.com/errata/ELSA-2019-2030.html", - "http://www.securityfocus.com/bid/105396", - "http://www.securitytracker.com/id/1041740", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://access.redhat.com/errata/RHSA-2019:2030", - "https://bugs.python.org/issue34623", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.debian.org/security/2018/dsa-4306", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2018-09-25T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python 
before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email 
addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url 
passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5010", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5010", - "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", - "Description": "An exploitable 
denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-5010.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:3520", - "https://access.redhat.com/errata/RHSA-2019:3725", - "https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", - "https://github.com/python/cpython/pull/11569", - "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-10-31T21:15:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9740", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9740", - "Title": "python: CRLF injection via the query part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9740.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://www.securityfocus.com/bid/107466", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue36276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-13T03:29:00Z", - "LastModifiedDate": "2019-05-28T18:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9947", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9947", - "Title": "python: CRLF injection via the path part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-93" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V2Score": 4.3, - "V3Score": 6.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9947.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "https://access.redhat.com/errata/RHSA-2019:1260", - "https://bugs.python.org/issue35906", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", - "https://python-security.readthedocs.io/vuln/http-header-injection2.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-05-28T19:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9948", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "FixedVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9948", - "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", - "Description": "urllib in 
Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-9948.html", - "http://linux.oracle.com/errata/ELSA-2019-3520.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", - "http://www.securityfocus.com/bid/107549", - "https://bugs.python.org/issue35907", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", - "https://github.com/python/cpython/pull/11842", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", - "https://security.netapp.com/advisory/ntap-20190404-0004/", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-03-23T18:29:00Z", - "LastModifiedDate": "2019-06-19T02:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. 
Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": 
"python-libs", - "InstalledVersion": "2.7.5-76.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.2-10.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5827", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", - "Title": "chromium-browser: out-of-bounds access in SQLite", - "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", - "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", - "https://crbug.com/952406", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-06-27T17:15:00Z", - "LastModifiedDate": "2019-07-25T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-7036", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", - "Title": "sqlite: arbitrary code execution on databases with malformed schema", - "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://support.apple.com/kb/HT204941", - "http://support.apple.com/kb/HT204942", - "http://zerodayinitiative.com/advisories/ZDI-15-570/", - "https://security.gentoo.org/glsa/201612-21" - ], - "PublishedDate": "2015-11-22T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13751", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", - "Title": "sqlite: fts3: improve detection of corrupted records", - "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025465", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13752", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025470", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13753", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", - "Title": "sqlite: fts3: incorrectly removed corruption check", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025471", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19924", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", - "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", - "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", - "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-8457", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", - 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", - "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", - "https://security.netapp.com/advisory/ntap-20190606-0002/", - "https://usn.ubuntu.com/4004-1/", - "https://usn.ubuntu.com/4004-2/", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4004-1", - "https://usn.ubuntu.com/usn/usn-4004-2", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "https://www.sqlite.org/releaselog/3_28_0.html", - "https://www.sqlite.org/src/info/90acdbfce9c08858" - ], - "PublishedDate": "2019-05-30T16:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: Tempdir selection vulnerability", - 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", - 
"Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8740", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", - "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", - "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://www.securityfocus.com/bid/103466", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", - "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" - ], - "PublishedDate": "2018-03-17T00:29:00Z", - "LastModifiedDate": "2019-05-22T03:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": 
"CVE-2018-15686", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": 
"systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-15686", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-15686", - "Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec", - "Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-15686.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://www.securityfocus.com/bid/105747", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686", - "https://github.com/systemd/systemd/pull/10519", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html", - "https://security.gentoo.org/glsa/201810-10", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://www.exploit-db.com/exploits/45714/" - ], - "PublishedDate": "2018-10-26T14:29:00Z", - "LastModifiedDate": "2019-08-06T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16866", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16866", - "Title": "systemd: out-of-bounds read when parsing a crafted syslog message", - "Description": "An out of bounds read was discovered in systemd-journald in the way it 
parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16866.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", - "http://seclists.org/fulldisclosure/2019/May/21", - "http://www.openwall.com/lists/oss-security/2019/05/10/4", - "http://www.securityfocus.com/bid/106527", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866", - "https://seclists.org/bugtraq/2019/May/25", - "https://security.gentoo.org/glsa/201903-07", - "https://security.netapp.com/advisory/ntap-20190117-0001/", - "https://usn.ubuntu.com/3855-1/", - "https://usn.ubuntu.com/usn/usn-3855-1", - "https://www.debian.org/security/2019/dsa-4367", - "https://www.qualys.com/2019/01/09/system-down/system-down.txt" - ], - "PublishedDate": "2019-01-11T19:29:00Z", - "LastModifiedDate": "2019-05-13T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, 
which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16888", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "FixedVersion": "219-67.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16888", - "Title": "systemd: kills privileged process if unprivileged PIDFile was tampered", - "Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-732" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-16888.html", - "http://linux.oracle.com/errata/ELSA-2019-2091.html", - "https://access.redhat.com/errata/RHSA-2019:2091", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888", - "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E", - "https://security.netapp.com/advisory/ntap-20190307-0007/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2019-01-14T22:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd-libs", - "InstalledVersion": "219-62.el7_6.5", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - "https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-59.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12735", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "FixedVersion": "2:7.4.160-6.el7_6", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12735", - "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", - "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-78" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 9.3, - "V3Score": 8.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12735.html", - "http://linux.oracle.com/errata/ELSA-2019-1774.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", - "http://www.securityfocus.com/bid/108724", - "https://bugs.debian.org/930020", - "https://bugs.debian.org/930024", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", - "https://github.com/neovim/neovim/pull/10082", - "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", - 
"https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/4016-2/", - "https://usn.ubuntu.com/usn/usn-4016-1", - "https://usn.ubuntu.com/usn/usn-4016-2", - "https://www.debian.org/security/2019/dsa-4467" - ], - "PublishedDate": "2019-06-05T14:29:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": 
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by 
root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - 
"http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - ], - "PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.160-5.el7", - "Layer": { - "DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" + "LastModifiedDate": 
"2020-08-24T17:37:00Z" } ] } diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index 8803385439..7b4df8ff86 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden @@ -81,6 +81,7 @@ }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", "https://linux.oracle.com/cve/CVE-2019-18276.html", diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 449e7d360c..e5de0c3862 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -81,6 +81,7 @@ }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", "https://linux.oracle.com/cve/CVE-2019-18276.html", diff --git a/integration/testdata/fixtures/db/cpe.yaml b/integration/testdata/fixtures/db/cpe.yaml new file mode 100644 index 0000000000..174e63ee28 --- /dev/null +++ b/integration/testdata/fixtures/db/cpe.yaml @@ -0,0 +1,21 @@ +- bucket: Red Hat CPE + pairs: + - bucket: repository + pairs: + - key: "rhel-6-server-rpms" + value: + - 857 + - key: "rhel-7-server-rpms" + value: + - 869 + - bucket: nvr + pairs: + - key: "ubi7-container-7.7-140-x86_64" + value: + - 869 + - bucket: cpe + pairs: + - key: "857" + value: "cpe:/o:redhat:enterprise_linux:6::server" + - key: "869" + value: "cpe:/o:redhat:enterprise_linux:7::server" 
diff --git a/integration/testdata/fixtures/db/redhat.yaml b/integration/testdata/fixtures/db/redhat.yaml
new file mode 100644
index 0000000000..3ca5da000d
--- /dev/null
+++ b/integration/testdata/fixtures/db/redhat.yaml
@@ -0,0 +1,73 @@
+- bucket: Red Hat
+ pairs:
+ - bucket: bash
+ pairs:
+ - key: CVE-2019-18276
+ value:
+ Entries:
+ - Affected:
+ - 596
+ - 597
+ - 598
+ - 601
+ - 602
+ - 869
+ - 870
+ - 924
+ Cves:
+ - Severity: 1.0
+ - bucket: openssl
+ pairs:
+ - key: RHSA-2019:2304
+ value:
+ Entries:
+ - Affected:
+ - 859
+ - 860
+ - 862
+ - 869
+ Cves:
+ - ID: CVE-2018-0734
+ Severity: 1.0
+ - ID: CVE-2019-1559
+ Severity: 2.0
+ FixedVersion: 1:1.0.2k-19.el7
+ - key: RHSA-2019:2471
+ value:
+ Entries:
+ - Affected:
+ - 855
+ - 857
+ - 858
+ - 924
+ Cves:
+ - ID: CVE-2019-1559
+ Severity: 2.0
+ FixedVersion: 0:1.0.1e-58.el6_10
+ - bucket: openssl-libs
+ pairs:
+ - key: RHSA-2019:2304
+ value:
+ Entries:
+ - Affected:
+ - 859
+ - 860
+ - 862
+ - 869
+ Cves:
+ - ID: CVE-2018-0734
+ Severity: 1.0
+ - ID: CVE-2019-1559
+ Severity: 2.0
+ FixedVersion: 1:1.0.2k-19.el7
+ - bucket: glibc
+ pairs:
+ - key: CVE-2020-29573
+ value:
+ Entries:
+ - Affected:
+ - 596
+ - 857
+ - 858
+ Cves:
+ - Severity: 2.0
diff --git a/integration/testdata/fixtures/db/vulnerability.yaml b/integration/testdata/fixtures/db/vulnerability.yaml
index c397ab59be..ecff20b097 100644
--- a/integration/testdata/fixtures/db/vulnerability.yaml
+++ b/integration/testdata/fixtures/db/vulnerability.yaml
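Review bot: The `Affected` lists in the new redhat.yaml are bare integers, and nothing in the fixture says what they index. They appear to be the CPE indices that cpe.yaml maps to CPE names, and only 857 and 869 are defined there, so values such as 596, 859 or 924 cannot be resolved from the fixtures alone. I would add a header comment along the lines of `# Affected holds indices into the "Red Hat CPE" bucket (cpe.yaml); only 857 and 869 are defined there`, and, if the glibc entry is meant as a deliberate non-match for the RHEL 7 index, mark it with `# 869 absent: must not be reported for rhel-7-server-rpms`. This matters because these few entries now decide what the Red Hat integration tests can detect, and a silent mismatch would show up as a missed finding rather than a test failure. How the detector treats an unresolved index is outside this diff, so that part is an assumption to confirm.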
@@ -39,6 +39,67 @@
 photon: 2.0
 redhat: 1.0
 ubuntu: 1.0
+ - key: CVE-2018-0734
+ value:
+ CVSS:
+ nvd:
+ V2Score: 4.3
+ V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
+ V3Score: 5.9
+ V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+ redhat:
+ V3Score: 5.1
+ V3Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+ CweIDs:
+ - CWE-327
+ Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
+ LastModifiedDate: 2020-08-24T17:37:00Z
+ PublishedDate: 2018-10-30T12:29:00Z
+ References:
+ - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
+ - http://www.securityfocus.com/bid/105758
+ - https://access.redhat.com/errata/RHSA-2019:2304
+ - https://access.redhat.com/errata/RHSA-2019:3700
+ - https://access.redhat.com/errata/RHSA-2019:3932
+ - https://access.redhat.com/errata/RHSA-2019:3933
+ - https://access.redhat.com/errata/RHSA-2019:3935
+ - https://access.redhat.com/security/cve/CVE-2018-0734
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
+ - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
+ - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+ - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
+ - https://linux.oracle.com/cve/CVE-2018-0734.html
+ - https://linux.oracle.com/errata/ELSA-2019-3700.html
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
+ - https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
+ - https://security.netapp.com/advisory/ntap-20181105-0002/
+ - https://security.netapp.com/advisory/ntap-20190118-0002/
+ - https://security.netapp.com/advisory/ntap-20190423-0002/
+ - https://ubuntu.com/security/notices/USN-3840-1
+ - https://usn.ubuntu.com/3840-1/
+ - https://www.debian.org/security/2018/dsa-4348
+ - https://www.debian.org/security/2018/dsa-4355
+ - https://www.openssl.org/news/secadv/20181030.txt
+ - https://www.oracle.com/security-alerts/cpuapr2020.html
+ - https://www.oracle.com/security-alerts/cpujan2020.html
+ - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
+ - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+ - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
+ - https://www.tenable.com/security/tns-2018-16
+ - https://www.tenable.com/security/tns-2018-17
+ Severity: MEDIUM
+ Title: "openssl: timing side channel attack in the DSA signature algorithm"
+ VendorSeverity:
+ amazon: 2.0
+ arch-linux: 1.0
+ nvd: 2.0
+ oracle-oval: 1.0
+ photon: 2.0
+ redhat: 1.0
+ ubuntu: 1.0
 - key: CVE-2019-10744
 value:
 CVSS:
@@ -331,6 +392,75 @@
 photon: 2.0
 redhat: 1.0
 ubuntu: 1.0
+ - key: CVE-2019-1559
+ value:
+ CVSS:
+ nvd:
+ V2Score: 4.3
+ V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
+ V3Score: 5.9
+ V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+ redhat:
+ V3Score: 5.9
+ V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
+ CweIDs:
+ - CWE-203
+ Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
+ LastModifiedDate: 2021-01-20T15:15:00Z
+ PublishedDate: 2019-02-27T23:29:00Z
+ References:
+ - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
+ - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
+ - http://www.securityfocus.com/bid/107174
+ - https://access.redhat.com/errata/RHSA-2019:2304
+ - https://access.redhat.com/errata/RHSA-2019:2437
+ - https://access.redhat.com/errata/RHSA-2019:2439
+ - https://access.redhat.com/errata/RHSA-2019:2471
+ - https://access.redhat.com/errata/RHSA-2019:3929
+ - https://access.redhat.com/errata/RHSA-2019:3931
+ - https://access.redhat.com/security/cve/CVE-2019-1559
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
+ - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
+ - https://github.com/RUB-NDS/TLS-Padding-Oracles
+ - https://kc.mcafee.com/corporate/index?page=content&id=SB10282
+ - https://linux.oracle.com/cve/CVE-2019-1559.html
+ - https://linux.oracle.com/errata/ELSA-2019-2471.html
+ - https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
+ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
+ - https://security.gentoo.org/glsa/201903-10
+ - https://security.netapp.com/advisory/ntap-20190301-0001/
+ - https://security.netapp.com/advisory/ntap-20190301-0002/
+ - https://security.netapp.com/advisory/ntap-20190423-0002/
+ - https://support.f5.com/csp/article/K18549143
+ - https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS
+ - https://ubuntu.com/security/notices/USN-3899-1
+ - https://ubuntu.com/security/notices/USN-4376-2
+ - https://usn.ubuntu.com/3899-1/
+ - https://usn.ubuntu.com/4376-2/
+ - https://www.debian.org/security/2019/dsa-4400
+ - https://www.openssl.org/news/secadv/20190226.txt
+ - https://www.oracle.com/security-alerts/cpujan2020.html
+ - https://www.oracle.com/security-alerts/cpujan2021.html
+ - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
+ - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
+ - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
+ - https://www.tenable.com/security/tns-2019-02
+ - https://www.tenable.com/security/tns-2019-03
+ Severity: MEDIUM
+ Title: "openssl: 0-byte record padding oracle"
+ VendorSeverity:
+ amazon: 2.0
+ arch-linux: 2.0
+ nvd: 2.0
+ oracle-oval: 2.0
+ redhat: 2.0
+ ubuntu: 2.0
 - key: CVE-2019-1563
 value:
 CVSS:
@@ -449,6 +579,7 @@
 PublishedDate: 2019-11-28T01:15:00Z
 References:
 - http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
+ - https://access.redhat.com/security/cve/CVE-2019-18276
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
 - https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
 - https://linux.oracle.com/cve/CVE-2019-18276.html
@@ -670,6 +801,38 @@
 nvd: 2.0
 redhat: 2.0
 ubuntu: 2.0
+ - key: CVE-2020-29573
+ value:
+ CVSS:
+ nvd:
+ V2Score: 5.0
+ V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
+ V3Score: 7.5
+ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+ redhat:
+ V3Score: 7.5
+ V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+ CweIDs:
+ - CWE-787
+ Description: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
+ LastModifiedDate: 2021-01-26T18:15:00Z
+ PublishedDate: 2020-12-06T00:15:00Z
+ References:
+ - https://access.redhat.com/security/cve/CVE-2020-29573
+ - https://linux.oracle.com/cve/CVE-2020-29573.html
+ - https://linux.oracle.com/errata/ELSA-2021-0348.html
+ - https://security.gentoo.org/glsa/202101-20
+ - https://security.netapp.com/advisory/ntap-20210122-0004/
+ - https://sourceware.org/bugzilla/show_bug.cgi?id=26649
+ - https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
+ Severity: HIGH
+ Title: "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern"
+ VendorSeverity:
+ arch-linux: 2.0
+ nvd: 3.0
+ oracle-oval: 2.0
+ photon: 3.0
+ redhat: 2.0
 - key: CVE-2020-8165
 value:
 CVSS:
diff --git a/integration/testdata/photon-30.json.golden b/integration/testdata/photon-30.json.golden
index 674339cfeb..00f0e7cd60 100644
--- a/integration/testdata/photon-30.json.golden
+++ b/integration/testdata/photon-30.json.golden
@@ -92,6 +92,7 @@
 },
 "References": [
 "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+ "https://access.redhat.com/security/cve/CVE-2019-18276",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
 "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
 "https://linux.oracle.com/cve/CVE-2019-18276.html",
diff --git a/integration/testdata/ubi-7.json.golden b/integration/testdata/ubi-7.json.golden
index b248187a88..f0a5783b6d 100644
--- a/integration/testdata/ubi-7.json.golden
+++ b/integration/testdata/ubi-7.json.golden
@@ -75,120 +75,6 @@ "Class": "os-pkgs", "Type": "redhat", "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2015-5186", - "PkgName": "audit-libs", - "InstalledVersion": "2.8.5-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5186", - "Title": "Audit: log terminal emulator escape sequences handling", - "Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/08/13/9", - "http://www.securityfocus.com/bid/76840", - "https://bugzilla.redhat.com/show_bug.cgi?id=1251621", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186", - "https://people.redhat.com/sgrubb/audit/ChangeLog" - ], - "PublishedDate": "2017-09-06T21:29:00Z", - "LastModifiedDate": "2017-09-13T11:17:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6711", - "PkgName": "bash", - "InstalledVersion": "4.2.46-33.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6711", - "Title": "bash: heap-based buffer overflow during echo of unsupported characters", - "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. 
A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5", - "http://www.securityfocus.com/bid/108824", - "https://bugzilla.redhat.com/show_bug.cgi?id=1721071", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711" - ], - "PublishedDate": "2019-06-18T18:15:00Z", - "LastModifiedDate": "2019-06-20T09:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9924", - "PkgName": "bash", - "InstalledVersion": "4.2.46-33.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9924", - "Title": "bash: BASH_CMD is writable in restricted bash shells", - "Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", - "https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html", - "https://lists.gnu.org/archive/html/bug-bash/2017-03/msg00077.html", - "https://security.netapp.com/advisory/ntap-20190411-0001/", - "https://usn.ubuntu.com/usn/usn-4058-1", - "https://usn.ubuntu.com/usn/usn-4058-2" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-11T22:29:00Z" - }, { "VulnerabilityID": "CVE-2019-18276", "PkgName": "bash", @@ -207,7 +93,9 @@ "CVSS": { "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V2Score": 7.2 + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.2, + "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
@@ -216,25462 +104,18 @@ }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", + "https://linux.oracle.com/cve/CVE-2019-18276.html", + "https://linux.oracle.com/errata/ELSA-2021-1679.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://security.gentoo.org/glsa/202105-34", + "https://security.netapp.com/advisory/ntap-20200430-0003/", "https://www.youtube.com/watch?v=-wGtxJ8opa8" ], "PublishedDate": "2019-11-28T01:15:00Z", - "LastModifiedDate": "2020-01-22T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6965", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6965", - "Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21137" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - 
"LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6966", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6966", - "Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf", - "Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21139" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated 
by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9074", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9074", - "Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24235", - "https://support.f5.com/csp/article/K09092524" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9075", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9075", - "Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24236", - "https://support.f5.com/csp/article/K42059040" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-23T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9077", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9077", - "Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c", - "Description": "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107139", - "https://security.netapp.com/advisory/ntap-20190314-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", - "https://support.f5.com/csp/article/K00056379" - ], - "PublishedDate": "2019-02-24T00:29:00Z", - "LastModifiedDate": "2019-05-24T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9939", - "Title": "binutils: buffer overflow in ihex.c", - "Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/07/31/6", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18750", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b", - "https://usn.ubuntu.com/usn/usn-3367-1" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8538", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8538", - "Title": "libdwarf: Out-of-bounds read in dwarf_leb.c", - "Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 1.7 - } - }, - "References": [ - "http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/", - "http://www.openwall.com/lists/oss-security/2015/12/09/2", - "http://www.openwall.com/lists/oss-security/2015/12/10/3", - "https://bugzilla.redhat.com/show_bug.cgi?id=1289385", - "https://bugzilla.redhat.com/show_bug.cgi?id=1291299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538" - ], - "PublishedDate": "2017-06-07T20:29:00Z", - "LastModifiedDate": "2017-06-14T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and 
do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12449", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12449", - "Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function", - "Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:39:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12451", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12451", - "Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function", - "Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12452", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12452", - "Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function", - "Description": "The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T18:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12453", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12453", - "Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function", - "Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - 
"LastModifiedDate": "2017-08-07T18:35:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12454", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12454", - "Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function", - "Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12455", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12455", - "Title": "binutils: out of bounds heap read in evax_bfd_print_emh function", - "Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:05:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12456", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12456", - "Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function", - "Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21813" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12457", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12457", - "Title": 
"binutils: NULL pointer dereference in bfd_make_section_with_flags function", - "Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T13:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12458", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12458", - "Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function", - "Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840" - ], - "PublishedDate": "2017-08-04T15:29:00Z", - "LastModifiedDate": "2017-08-07T14:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12799", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12799", - "Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c", - "Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100292", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21933" - ], - "PublishedDate": "2017-08-10T18:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-12967", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-12967", - "Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c", - "Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, 
allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - ], - "PublishedDate": "2017-08-19T16:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13710", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13710", - "Title": "binutils: NULL pointer dereference in the setup_group function", - "Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100499", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547" - ], - "PublishedDate": "2017-08-27T16:29:00Z", - "LastModifiedDate": "2017-08-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13716", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716", - "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty", - "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22009" - ], - "PublishedDate": "2017-08-28T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13757", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13757", - "Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c 
and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100532", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22018", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a" - ], - "PublishedDate": "2017-08-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14128", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14128", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info function", - "Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22059", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14129", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14129", - "Title": "binutils: Heap-based buffer over-read in the read_section function", - "Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100624", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22047", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643" - ], - 
"PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14130", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14130", - "Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function", - "Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100625", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22058", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229" - ], - "PublishedDate": "2017-09-04T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14529", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14529", - "Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c", - "Description": "The 
pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - ], - "PublishedDate": "2017-09-18T00:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14729", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14729", - "Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22170", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360" - ], - "PublishedDate": "2017-09-25T16:29:00Z", - "LastModifiedDate": "2017-09-28T16:51:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14745", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14745", - "Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22148" - ], - "PublishedDate": "2017-09-26T16:29:00Z", - "LastModifiedDate": "2017-09-29T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14930", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14930", - "Title": "binutils: Memory leak in decode_line_info", - "Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22191" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14932", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14932", - "Title": "binutils: Infinite loop in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted 
ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22204", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14933", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14933", - "Title": "binutils: Infinite loop in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22210", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14934", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14934", - "Title": "binutils: Infinite loop in process_debug_info", - "Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-131", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22219", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14938", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14938", - "Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables", - "Description": 
"_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101212", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14939", - "Title": "binutils: Heap-based buffer over-read in the decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", 
- "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101216", - "https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22169", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724", - "https://www.exploit-db.com/exploits/42970/" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14940", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14940", - "Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols", - "Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22166", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe" - ], - "PublishedDate": "2017-09-30T01:29:00Z", - "LastModifiedDate": "2017-10-03T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14974", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14974", - "Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions", - "Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22163", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf" - ], - "PublishedDate": "2017-10-02T01:29:00Z", - "LastModifiedDate": "2017-10-05T16:23:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15020", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15020", - "Title": "binutils: Heap-based buffer 
overflow in parse_die", - "Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22202", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15021", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15021", - "Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1", - "Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22197", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15022", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15022", - "Title": "binutils: NULL pointer dereference in dwarf2.c", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15023", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15023", - "Title": "binutils: NULL pointer dereference in read_formatted_entries", - "Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101611", - "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15024", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15024", - "Title": "binutils: Infinite recursion in find_abstract_instance_name", - "Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15025", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15025", - "Title": "binutils: Divide-by-zero in decode_line_info", - "Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-369" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22186", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2017-10-11T17:38:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15225", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15225", - "Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info", - "Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22212", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0" - ], - "PublishedDate": "2017-10-10T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { 
- "VulnerabilityID": "CVE-2017-15938", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15938", - "Title": "binutils: Invalid memory read in find_abstract_instance_name", - "Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101610", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22209", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15939", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15939", - "Title": "binutils: NULL pointer dereference in the concat_filename", - 
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101613", - "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22205", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9" - ], - "PublishedDate": "2017-10-27T21:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15996", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15996", - "Title": "binutils: Excessive memory allocation in elfcomm.c", - "Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper 
conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101608", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22361", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b" - ], - "PublishedDate": "2017-10-29T17:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16826", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16826", - "Title": "binutils: Invalid memory access in the coff_slurp_line_table function", - "Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22376", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16827", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16827", - "Title": "binutils: Invalid free in the aout_get_external_symbols function", - "Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16828", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16828", - "Title": "binutils: Integer overflow in the display_debug_frames function", - "Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22386", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16829", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16829", - "Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function", - "Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly 
have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22307", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16830", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16830", - "Title": "binutils: Segmentation fault in the print_gnu_property_note function", - "Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830", - "https://security.gentoo.org/glsa/201811-17", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16831", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16831", - "Title": "binutils: Integer overflow in coffgen.c", - "Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22385", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16832", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-16832", - "Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function", - "Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22373", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b" - ], - "PublishedDate": "2017-11-15T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17080", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17080", - "Title": "binutils: Heap-based buffer over-read in bfd_getl32", - "Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and 
elfcore_grok_nto_status.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22421" - ], - "PublishedDate": "2017-11-30T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17121", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17121", - "Title": "binutils: Memory access violation via a crafted COFF binary", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" - ], - 
"PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17122", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17122", - "Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function", - "Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22508", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-14T02:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17123", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17123", - "Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function", - "Description": "The coff_slurp_reloc_table 
function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22509", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17124", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17124", - "Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function", - "Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - 
"V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22507", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2018-11-27T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17125", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17125", - "Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function", - "Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22443", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17126", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17126", - "Title": "binutils: Invalid memory access in the load_debug_section function", - "Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22510", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8" - ], - "PublishedDate": "2017-12-04T08:29:00Z", - "LastModifiedDate": "2019-03-13T19:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6969", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6969", - "Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries", - "Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/16/8", - "http://www.securityfocus.com/bid/97065", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21156" - ], - "PublishedDate": "2017-03-17T09:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7209", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7209", - "Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf", - "Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96994", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21135" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": 
"2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7210", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7210", - "Title": "binutils: Heap-based buffer over-reads in objdump", - "Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96992", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" - ], - "PublishedDate": "2017-03-21T06:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7223", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7223", - "Title": "binutils: Global buffer overflow when attempting to unget EOF character", - "Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7224", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7224", - "Title": "binutils: Invalid write in find_nearest_line function", - "Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97277", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20892" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7225", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7225", - "Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line", - "Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97275", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20891" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7226", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7226", - "Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd", - "Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. 
It could lead to information disclosure as well.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20905" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7227", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7227", - "Title": "binutils: Heap-based buffer overflow in ld due to missing null termination", - "Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\\0' termination of a name field in ldlex.l.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97209", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20906" - ], - "PublishedDate": "2017-03-22T16:59:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7299", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7299", - "Title": "binutils: Out-of-bounds read in bfd_elf_final_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. 
The vulnerability leads to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7300", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7300", - "Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97219", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20909" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": 
"2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7301", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7301", - "Title": "binutils: Off-by-one error in aout_link_add_symbols function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97218", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20924" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:02:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7302", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7302", - "Title": "binutils: Out-of-bounds read in wap_std_reloc_out function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97216", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20921" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T16:28:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7303", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7303", - "Title": "binutils: Out-of-bounds read in find_link function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97213", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20922" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7304", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7304", - "Title": "binutils: Out-of-bounds read in copy_special_section_fields function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. 
This vulnerability causes Binutils utilities like strip to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97215", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" - ], - "PublishedDate": "2017-03-29T15:59:00Z", - "LastModifiedDate": "2017-03-31T17:06:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7614", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7614", - "Title": "binutils: NULL pointer dereference in bfd_elf_final_link function", - "Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614", - "https://security.gentoo.org/glsa/201709-02" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8392", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8392", - "Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21409" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8393", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8393", - "Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by 
code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21412" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8394", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8394", - "Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21414" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8395", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8395", - "Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21431" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8396", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8396", - "Title": "binutils: Out-of-bounds read in the existing reloc offset range tests", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21432" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8397", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8397", - "Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses", - "Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. 
This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21434" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8398", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8398", - "Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary", - "Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. 
This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - ], - "PublishedDate": "2017-05-01T18:59:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8421", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8421", - "Title": "binutils: Memory exhaustion in objdump via a crafted PE file", - "Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. 
Additional validation in dump_relocs_in_section in objdump.c can resolve this.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" - ], - "PublishedDate": "2017-05-02T17:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9038", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9038", - "Title": "binutils: Heap-buffer overflow in the byte_get_little_endian", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98589", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038", - "https://security.gentoo.org/glsa/201709-02", - 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9039", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9039", - "Title": "binutils: Memory consumption via many program headers", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98580", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9040", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9040", - "Title": "binutils: NULL pointer dereference in the process_mips_specific_function", - "Description": "GNU Binutils 2017-04-03 
allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98579", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9041", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9041", - "Title": "binutils: Heap buffer overflow in the process_mips_specific function", - "Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/98598", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9042", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9042", - "Title": "binutils: Invalid variable type in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-704" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9043", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9043", - "Title": "binutils: Shift exponent too large for type unsigned long in readelf.c", - "Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98591", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9044", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9044", - "Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function", - "Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98587", - "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" - ], - "PublishedDate": "2017-05-18T01:29:00Z", - "LastModifiedDate": "2017-05-25T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9742", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9742", - "Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary", - "Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99105", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21576", - "https://www.exploit-db.com/exploits/42203/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-09-19T01:36:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9743", 
- "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9743", - "Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary", - "Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99106", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21577" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9744", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9744", - "Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary", - "Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to 
cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99108", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21578" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:10:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9745", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9745", - "Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries", - "Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.securityfocus.com/bid/99109", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21579" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:13:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9746", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9746", - "Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary", - "Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99117", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21580", - "https://www.exploit-db.com/exploits/42199/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9747", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-9747", - "Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary", - "Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99114", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21581", - "https://www.exploit-db.com/exploits/42200/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-13T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9748", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9748", - "Title": "binutils: Stack-based buffer over-read in ieee_object_p function", - "Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by 
mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99110", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21582", - "https://www.exploit-db.com/exploits/42202/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9749", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9749", - "Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary", - "Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99113", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749", - "https://security.gentoo.org/glsa/201801-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586", - "https://www.exploit-db.com/exploits/42201/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9750", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9750", - "Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary", - "Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99118", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21587", - "https://www.exploit-db.com/exploits/42198/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9751", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9751", - "Title": 
"binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary", - "Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99111", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21588" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9752", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9752", - "Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary", - "Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99122", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9753", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9753", - "Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary", - "Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99116", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": 
"2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9754", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9754", - "Title": "binutils: Stack-based buffer over-read in process_otr function", - "Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21591" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2017-06-26T16:21:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9755", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9755", - "Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers", - "Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of 
registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99124", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21594" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9756", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9756", - "Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary", - "Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - 
"V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756", - "https://security.gentoo.org/glsa/201801-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21595", - "https://www.exploit-db.com/exploits/42204/" - ], - "PublishedDate": "2017-06-19T04:29:00Z", - "LastModifiedDate": "2018-01-09T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9954", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9954", - "Title": "binutils: stack-based buffer over-read in getvalue function", - "Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99307", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954", - "https://security.gentoo.org/glsa/201709-02", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21670" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9955", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9955", - "Title": "binutils: heap buffer over-read in get_build_id function", - "Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99573", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - ], - "PublishedDate": "2017-06-26T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12698", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12698", - "Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c", - "Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104539", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12699", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12699", - "Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c", - "Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104540", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12700", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12700", - "Title": "binutils: Stack Exhaustion in debug_write_type in debug.c", - "Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/104541", - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454", - "https://security.gentoo.org/glsa/201908-01", - 
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057" - ], - "PublishedDate": "2018-06-23T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-12934", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12934", - "Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c", - "Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23059" - ], - "PublishedDate": "2018-06-28T14:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17794", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17794", - "Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input", - "Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350" - ], - "PublishedDate": "2018-09-30T20:29:00Z", - "LastModifiedDate": "2018-11-28T15:06:00Z" - }, - { - "VulnerabilityID": "CVE-2018-17985", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17985", - "Title": "binutils: Stack consumption problem caused by the cplus_demangle_type", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335" - ], - "PublishedDate": "2018-10-04T23:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18483", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18483", - "Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service", - "Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105689", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23767" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18484", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18484", - "Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105693", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636" - ], - "PublishedDate": "2018-10-18T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18605", - "PkgName": "binutils", - "InstalledVersion": 
"2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18605", - "Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c", - "Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23804", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18606", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-18606", - "Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c", - "Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23806", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18607", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18607", - "Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c", - "Description": "An issue was discovered in 
elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/105754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607", - "https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607", - "https://security.netapp.com/advisory/ntap-20190307-0003/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23805", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a" - ], - "PublishedDate": "2018-10-23T17:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18700", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18700", - "Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18701", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18701", - "Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c", - "Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" - ], - "PublishedDate": "2018-10-29T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19932", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19932", - "Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106144", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23932", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7" - ], - "PublishedDate": "2018-12-07T07:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20002", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20002", - "Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c", - "Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106142", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002", - "https://security.gentoo.org/glsa/201908-01", - "https://security.netapp.com/advisory/ntap-20190221-0004/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2018-12-10T02:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6323", - "PkgName": "binutils", - 
"InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6323", - "Title": "binutils: Integer overflow in elf_object_p function in elfcode.h", - "Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/102821", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22746", - "https://www.exploit-db.com/exploits/44035/" - ], - "PublishedDate": "2018-01-26T08:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6759", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6759", - "Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service", - "Description": "The bfd_get_debug_link_info_1 function in opncls.c in 
the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103030", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22794" - ], - "PublishedDate": "2018-02-06T21:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6872", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6872", - "Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library", - "Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": 
{ - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/103103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872", - "https://security.gentoo.org/glsa/201811-17", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22788", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6" - ], - "PublishedDate": "2018-02-09T06:29:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010204", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204", - "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service", - "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125", - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20190822-0001/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17450", - "PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17450", - "Title": "binutils: denial of service via crafted ELF file", - "Description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25078" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17451", - 
"PkgName": "binutils", - "InstalledVersion": "2.27-41.base.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17451", - "Title": "binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c", - "Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "https://security.netapp.com/advisory/ntap-20191024-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25070", - "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1" - ], - "PublishedDate": "2019-10-10T17:15:00Z", - "LastModifiedDate": "2019-10-24T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3189", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3189", - "Title": "bzip2: heap use after free in bzip2recover", - "Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/06/20/1", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91297", - "http://www.securitytracker.com/id/1036132", - "https://bugzilla.redhat.com/show_bug.cgi?id=1319648", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189", - "https://marc.info/?l=oss-security\u0026m=146642106322396\u0026w=2", - "https://security.gentoo.org/glsa/201708-08", - "https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-08-22T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12900", - "PkgName": "bzip2-libs", - "InstalledVersion": "1.0.6-13.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12900", - "Title": "bzip2: out-of-bounds write in function BZ2_decompress", - "Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900", - "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html", - "https://usn.ubuntu.com/4038-1/", - "https://usn.ubuntu.com/4038-2/", - 
"https://usn.ubuntu.com/usn/usn-4038-1", - "https://usn.ubuntu.com/usn/usn-4038-2", - "https://usn.ubuntu.com/usn/usn-4038-3", - "https://usn.ubuntu.com/usn/usn-4038-4", - "https://usn.ubuntu.com/usn/usn-4146-1", - "https://usn.ubuntu.com/usn/usn-4146-2" - ], - "PublishedDate": "2019-06-19T23:15:00Z", - "LastModifiedDate": "2019-06-24T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2781", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781", - "Title": "coreutils: Non-privileged session can escape to the parent session in chroot", - "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "V2Score": 2.1, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q1/452", - "http://www.openwall.com/lists/oss-security/2016/02/28/2", - "http://www.openwall.com/lists/oss-security/2016/02/28/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2017-02-27T19:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18018", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018", - 
"Title": "coreutils: race condition vulnerability in chown and chgrp", - "Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 4.2 - } - }, - "References": [ - "http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html" - ], - "PublishedDate": "2018-01-04T04:29:00Z", - "LastModifiedDate": "2018-01-19T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9471", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9471", - "Title": "coreutils: memory corruption flaw in parse_datetime()", - "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0029.html", - "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872", - "http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872", - 
"http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872", - "http://secunia.com/advisories/62226", - "http://ubuntu.com/usn/usn-2473-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:179", - "http://www.openwall.com/lists/oss-security/2014/11/25/1", - "http://www.openwall.com/lists/oss-security/2014/11/25/4", - "http://www.openwall.com/lists/oss-security/2015/01/03/11", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471", - "https://security.gentoo.org/glsa/201612-22", - "https://usn.ubuntu.com/usn/usn-2473-1" - ], - "PublishedDate": "2015-01-16T16:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4041", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4041", - "Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()", - "Description": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://bugzilla.suse.com/show_bug.cgi?id=928749", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", 
- "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-4042", - "PkgName": "coreutils", - "InstalledVersion": "8.22-24.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-4042", - "Title": "coreutils: possible buffer overflow in keycompare_mb()", - "Description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/05/15/1", - "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" - ], - "PublishedDate": "2020-01-24T17:15:00Z", - "LastModifiedDate": "2020-02-01T17:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14866", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14866", - "Title": "cpio: improper input validation when writing tar header fields leads to unexpect tar generation", - "Description": "In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14866", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14866", - "https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html", - "https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html", - "https://usn.ubuntu.com/usn/usn-4176-1" - ], - "PublishedDate": "2020-01-07T17:15:00Z", - "LastModifiedDate": "2020-01-10T14:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1197", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1197", - "Title": "cpio: directory traversal through symlinks", - "Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0080.html", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:066", - "http://www.openwall.com/lists/oss-security/2015/01/07/5", - "http://www.openwall.com/lists/oss-security/2015/01/18/7", - "http://www.securityfocus.com/bid/71914", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197", - 
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2015-02-19T15:59:00Z", - "LastModifiedDate": "2016-12-06T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2037", - "PkgName": "cpio", - "InstalledVersion": "2.11-27.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2037", - "Title": "cpio: out of bounds write", - "Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 4.3 - } - }, - "References": [ - "http://www.debian.org/security/2016/dsa-3483", - "http://www.openwall.com/lists/oss-security/2016/01/19/4", - "http://www.openwall.com/lists/oss-security/2016/01/22/4", - "http://www.securityfocus.com/bid/82293", - "http://www.securitytracker.com/id/1035067", - "http://www.ubuntu.com/usn/USN-2906-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037", - "https://usn.ubuntu.com/usn/usn-2906-1" - ], - "PublishedDate": "2016-02-22T15:59:00Z", - "LastModifiedDate": "2016-12-06T03:07:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing 
large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6318", - "PkgName": "cracklib-dicts", - "InstalledVersion": "2.9.0-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6318", - "Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field", - "Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html", - "http://seclists.org/oss-sec/2016/q3/290", - "http://www.openwall.com/lists/oss-security/2016/08/16/2", - "http://www.securityfocus.com/bid/92478", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318", - "https://security.gentoo.org/glsa/201612-25" - ], - "PublishedDate": "2016-09-07T19:28:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": "curl: 
heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - "V3Score": 7.3 - 
}, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 7.51.0 When re-using a 
connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - "Description": "The `curl_getdate` 
function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "curl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19906", - "PkgName": "cyrus-sasl-lib", - "InstalledVersion": "2.1.26-23.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19906", - "Title": "cyrus-sasl: denial of service in _sasl_add_string function", - "Description": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906", - "https://github.com/cyrusimap/cyrus-sasl/issues/587", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html", - "https://seclists.org/bugtraq/2019/Dec/42", - "https://usn.ubuntu.com/4256-1/", - "https://usn.ubuntu.com/usn/usn-4256-1", - "https://www.debian.org/security/2019/dsa-4591", - "https://www.openldap.org/its/index.cgi/Incoming?id=9123" - ], - "PublishedDate": "2019-12-19T18:15:00Z", - "LastModifiedDate": "2020-01-30T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. 
In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - "Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the 
service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus 
disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - 
"http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - 
"https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus", - "InstalledVersion": 
"1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus 
systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12749", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12749", - "Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass", - "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) 
A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", - "V2Score": 3.6, - "V3Score": 7.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12749.html", - "http://linux.oracle.com/errata/ELSA-2019-3707.html", - "http://www.openwall.com/lists/oss-security/2019/06/11/2", - "http://www.securityfocus.com/bid/108751", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/", - "https://seclists.org/bugtraq/2019/Jun/16", - "https://usn.ubuntu.com/4015-1/", - "https://usn.ubuntu.com/4015-2/", - "https://usn.ubuntu.com/usn/usn-4015-1", - "https://usn.ubuntu.com/usn/usn-4015-2", - "https://www.debian.org/security/2019/dsa-4462", - "https://www.openwall.com/lists/oss-security/2019/06/11/2" - ], - "PublishedDate": "2019-06-11T17:29:00Z", - "LastModifiedDate": "2019-06-14T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3477", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3477", - 
"Title": "dbus: denial of service flaw in dbus-daemon", - "Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P", - "V2Score": 3.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0266.html", - "http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567", - "http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://seclists.org/oss-sec/2014/q2/509", - "http://secunia.com/advisories/59428", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.securityfocus.com/bid/67986", - "https://bugs.freedesktop.org/show_bug.cgi?id=78979", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3477", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-01T17:55:00Z", - "LastModifiedDate": "2015-04-15T02:00:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3532", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3532", - "Title": "dbus: denial of service in file 
descriptor passing feature", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=80163", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3533", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3533", - "Title": "dbus: denial of service when forwarding invalid file descriptors", - "Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a 
message containing an invalid file descriptor.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0294.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://openwall.com/lists/oss-security/2014/07/02/4", - "http://secunia.com/advisories/59611", - "http://secunia.com/advisories/59798", - "http://secunia.com/advisories/60236", - "http://www.debian.org/security/2014/dsa-2971", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "https://bugs.freedesktop.org/show_bug.cgi?id=79694", - "https://bugs.freedesktop.org/show_bug.cgi?id=80469", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533", - "https://usn.ubuntu.com/usn/usn-2275-1" - ], - "PublishedDate": "2014-07-19T19:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3635", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3635", - "Title": "dbus: heap-based buffer overflow flaw in file descriptor passing", - "Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=83622", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3635", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3636", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3636", - "Title": "dbus: denial of service by queuing or splitting file descriptors", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - 
"http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=82820", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-10-25T20:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3637", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3637", - "Title": "dbus: denial of service by creating unkillable D-Bus connections", - "Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.", - "Severity": "LOW", - "CweIDs": [ - "CWE-17" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - 
"http://www.openwall.com/lists/oss-security/2019/06/24/13", - "http://www.openwall.com/lists/oss-security/2019/06/24/14", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80559", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2019-06-24T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3638", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3638", - "Title": "dbus: denial of service in method call handling", - "Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638", - 
"https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3639", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3639", - "Title": "dbus: denial of service flaw in incomplete connection handling", - "Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0395.html", - "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html", - "http://secunia.com/advisories/61378", - "http://secunia.com/advisories/61431", - "http://www.debian.org/security/2014/dsa-3026", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2014/09/16/9", - "http://www.securitytracker.com/id/1030864", - "http://www.ubuntu.com/usn/USN-2352-1", - "https://bugs.freedesktop.org/show_bug.cgi?id=80919", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639", - "https://usn.ubuntu.com/usn/usn-2352-1" - ], - "PublishedDate": "2014-09-22T15:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0245", - "PkgName": "dbus-libs", - "InstalledVersion": "1:1.10.24-13.el7_6", - "Layer": 
{ - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0245", - "Title": "dbus: denial of service in dbus systemd activation", - "Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0071.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", - "http://www.debian.org/security/2015/dsa-3161", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176", - "http://www.openwall.com/lists/oss-security/2015/02/09/6", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0245", - "https://usn.ubuntu.com/usn/usn-3116-1" - ], - "PublishedDate": "2015-02-13T15:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4484", - "PkgName": "dracut", - "InstalledVersion": "033-564.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4484", - "Title": "dracut: Brute force attack on LUKS password decryption via initramfs", - "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts 
with an invalid password.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 6.8 - } - }, - "References": [ - "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", - "http://www.openwall.com/lists/oss-security/2016/11/14/13", - "http://www.openwall.com/lists/oss-security/2016/11/15/1", - "http://www.openwall.com/lists/oss-security/2016/11/15/4", - "http://www.openwall.com/lists/oss-security/2016/11/16/6", - "http://www.securityfocus.com/bid/94315", - "https://access.redhat.com/articles/2786581", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", - "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" - ], - "PublishedDate": "2017-01-23T21:59:00Z", - "LastModifiedDate": "2017-01-26T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - 
}, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - 
"PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-default-yama-scope", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - "Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - 
"https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: 
Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", 
- "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libelf", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10254", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10254", - "Title": "elfutils: Memory allocation failure in allocate_elf", - "Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/2", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10255", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10255", - "Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)", - 
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/03/22/1", - "https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/", - "https://bugzilla.redhat.com/show_bug.cgi?id=1387584", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255", - "https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-03-23T16:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7607", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7607", - "Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function", - "Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98608", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7608", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7608", - "Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function", - "Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "http://www.securityfocus.com/bid/98609", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7609", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7609", - "Title": "elfutils: Memory allocation failure in elf_compress.c", - "Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": 
"2017-04-09T14:59:00Z", - "LastModifiedDate": "2018-06-07T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7610", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7610", - "Title": "elfutils: Heap-buffer overflow in the check_group function", - "Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7611", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7611", - "Title": "elfutils: Heap-buffer overflow 
in the check_symtab_shndx function", - "Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7612", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7612", - "Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function", - "Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7613", - "PkgName": "elfutils-libs", - "InstalledVersion": "0.176-2.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7613", - "Title": "elfutils: elflint.c does not validate the number of sections and segments", - "Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", - 
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613", - "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html", - "https://security.gentoo.org/glsa/201710-10", - "https://usn.ubuntu.com/3670-1/", - "https://usn.ubuntu.com/usn/usn-3670-1" - ], - "PublishedDate": "2017-04-09T14:59:00Z", - "LastModifiedDate": "2019-06-20T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2012-6702", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-6702", - "Title": "expat: Using XML_Parse before rand() results into non-random output", - "Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/03/8", - "http://www.openwall.com/lists/oss-security/2016/06/04/1", - "http://www.securityfocus.com/bid/91483", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702", - "https://security.gentoo.org/glsa/201701-21", - 
"https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-18T17:55:00Z" - }, - { - "VulnerabilityID": "CVE-2013-0340", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-0340", - "Title": "expat: internal entity expansion", - "Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2013/02/22/3", - "http://securitytracker.com/id?1028213", - "http://www.openwall.com/lists/oss-security/2013/04/12/6", - "http://www.osvdb.org/90634", - "http://www.securityfocus.com/bid/58233", - "https://security.gentoo.org/glsa/201701-21" - ], - "PublishedDate": "2014-01-21T18:55:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2716", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2716", - "Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)", - "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2716.html", - "http://linux.oracle.com/errata/ELSA-2015-1012.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html", - "http://rhn.redhat.com/errata/RHSA-2015-0988.html", - "http://rhn.redhat.com/errata/RHSA-2015-1012.html", - "http://www.debian.org/security/2015/dsa-3260", - "http://www.debian.org/security/2015/dsa-3264", - "http://www.mozilla.org/security/announce/2015/mfsa2015-54.html", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/74611", - "http://www.ubuntu.com/usn/USN-2602-1", - "http://www.ubuntu.com/usn/USN-2603-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1140537", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", - "https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c", - "https://security.gentoo.org/glsa/201605-06", - "https://usn.ubuntu.com/usn/usn-2602-1", - "https://usn.ubuntu.com/usn/usn-2603-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/", - "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2015-05-14T10:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4472", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4472", - "Title": "expat: Undefined behavior and pointer overflows", - "Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/91528", - "http://www.ubuntu.com/usn/USN-3013-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1344251", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472", - "https://security.gentoo.org/glsa/201701-21", - "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-30T17:59:00Z", - "LastModifiedDate": "2017-11-03T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5300", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5300", - "Title": "expat: Little entropy used for hash initialization", - "Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://seclists.org/oss-sec/2016/q2/468", - "http://www.debian.org/security/2016/dsa-3597", - "http://www.openwall.com/lists/oss-security/2016/06/04/4", - "http://www.openwall.com/lists/oss-security/2016/06/04/5", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/91159", - "http://www.ubuntu.com/usn/USN-3010-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300", - "https://security.gentoo.org/glsa/201701-21", - "https://source.android.com/security/bulletin/2016-11-01.html", - "https://usn.ubuntu.com/usn/usn-3010-1", - "https://usn.ubuntu.com/usn/usn-3013-1", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-06-16T18:59:00Z", - "LastModifiedDate": "2019-01-23T12:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9233", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9233", - "Title": "expat: Inifinite loop due to invalid XML in external entity", - "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611", - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3898", - "http://www.openwall.com/lists/oss-security/2017/06/17/7", - "http://www.securityfocus.com/bid/99276", - "http://www.securitytracker.com/id/1039427", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233", - "https://github.com/libexpat/libexpat/blob/master/expat/Changes", - "https://libexpat.github.io/doc/cve-2017-9233/", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://support.f5.com/csp/article/K03244804", - "https://usn.ubuntu.com/usn/usn-3356-1", - "https://usn.ubuntu.com/usn/usn-3356-2" - ], - "PublishedDate": "2017-07-25T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20843", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20843", - "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS", - "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843", - "https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes", - "https://github.com/libexpat/libexpat/issues/186", - "https://github.com/libexpat/libexpat/pull/262", - "https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html", - "https://seclists.org/bugtraq/2019/Jun/39", - "https://security.netapp.com/advisory/ntap-20190703-0001/", - "https://usn.ubuntu.com/4040-1/", - "https://usn.ubuntu.com/4040-2/", - "https://usn.ubuntu.com/usn/usn-4040-1", - "https://usn.ubuntu.com/usn/usn-4040-2", - "https://www.debian.org/security/2019/dsa-4472" - ], - "PublishedDate": "2019-06-24T17:15:00Z", - "LastModifiedDate": "2019-06-26T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9063", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9063", - "Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat", - "Description": "An integer overflow during the parsing of XML using the Expat library. 
This vulnerability affects Firefox \u003c 50.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 4.3, - "V3Score": 3.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94337", - "http://www.securitytracker.com/id/1037298", - "http://www.securitytracker.com/id/1039427", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", - "https://usn.ubuntu.com/usn/usn-3124-1", - "https://www.debian.org/security/2017/dsa-3898", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", - "https://www.mozilla.org/security/advisories/mfsa2016-89/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-07-30T18:31:00Z" - }, - { - "VulnerabilityID": "CVE-2019-15903", - "PkgName": "expat", - "InstalledVersion": "2.1.0-10.el7_3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15903", - "Title": "expat: heap-based buffer over-read via crafted XML input", - "Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - 
"V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-15903.html", - "http://linux.oracle.com/errata/ELSA-2019-3237.html", - "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903", - "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", - "https://github.com/libexpat/libexpat/issues/317", - "https://github.com/libexpat/libexpat/issues/342", - "https://github.com/libexpat/libexpat/pull/318", - "https://seclists.org/bugtraq/2019/Sep/30", - "https://usn.ubuntu.com/4132-1/", - "https://usn.ubuntu.com/4132-2/", - "https://usn.ubuntu.com/usn/usn-4132-1", - "https://usn.ubuntu.com/usn/usn-4132-2", - "https://usn.ubuntu.com/usn/usn-4165-1", - "https://usn.ubuntu.com/usn/usn-4202-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903" - ], - "PublishedDate": "2019-09-04T06:15:00Z", - "LastModifiedDate": "2019-09-12T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9620", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9620", - "Title": "file: limit the number of ELF notes processed", - "Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", - "Severity": "LOW", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0040.html", - "http://linux.oracle.com/cve/CVE-2014-9620.html", - "http://linux.oracle.com/errata/ELSA-2016-0760.html", 
- "http://mx.gw.com/pipermail/file/2014/001653.html", - "http://mx.gw.com/pipermail/file/2015/001660.html", - "http://rhn.redhat.com/errata/RHSA-2016-0760.html", - "http://www.debian.org/security/2015/dsa-3121", - "http://www.openwall.com/lists/oss-security/2015/01/17/9", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/71715", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", - "https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4", - "https://security.gentoo.org/glsa/201503-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/usn/usn-3686-1" - ], - "PublishedDate": "2015-01-21T18:59:00Z", - "LastModifiedDate": "2018-06-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8865", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8865", - "Title": "file: Buffer over-write in finfo_open with malformed magic file", - "Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.6 - } - }, - "References": [ - "http://bugs.gw.com/view.php?id=522", - 
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e", - "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://www.debian.org/security/2016/dsa-3560", - "http://www.openwall.com/lists/oss-security/2016/04/11/7", - "http://www.openwall.com/lists/oss-security/2016/04/24/1", - "http://www.php.net/ChangeLog-5.php", - "http://www.php.net/ChangeLog-7.php", - "http://www.securityfocus.com/bid/85802", - "http://www.ubuntu.com/usn/USN-2952-1", - "http://www.ubuntu.com/usn/USN-2952-2", - "https://bugs.php.net/bug.php?id=71527", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865", - "https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201611-22", - "https://security.gentoo.org/glsa/201701-42", - "https://support.apple.com/HT206567", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-2952-1", - "https://usn.ubuntu.com/usn/usn-2984-1", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2016-05-20T10:59:00Z", - "LastModifiedDate": "2018-06-30T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-10360", - "PkgName": "file-libs", - "InstalledVersion": "5.11-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10360", - "Title": "file: out-of-bounds read via a crafted ELF file", - "Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a 
crafted ELF file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360", - "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "https://security.gentoo.org/glsa/201806-08", - "https://usn.ubuntu.com/3686-1/", - "https://usn.ubuntu.com/3686-2/", - "https://usn.ubuntu.com/usn/usn-3686-1", - "https://usn.ubuntu.com/usn/usn-3686-2" - ], - "PublishedDate": "2018-06-11T10:29:00Z", - "LastModifiedDate": "2019-05-02T14:40:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010180", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010180", - "Title": "gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution", - "Description": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. 
The fixed version is: Not fixed yet.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", - "V3Score": 6.1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", - "http://www.securityfocus.com/bid/109367", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010180", - "https://sourceware.org/bugzilla/show_bug.cgi?id=23657" - ], - "PublishedDate": "2019-07-24T13:15:00Z", - "LastModifiedDate": "2019-10-31T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" 
- ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - 
"redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9778", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9778", - "Title": "gdb: Malformed section in an ELF binary or a core file can cause memory exhaustion", - "Description": "GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. 
This can, for example, impede efforts to analyze malware with GDB.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20", - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99244", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21600" - ], - "PublishedDate": "2017-06-21T07:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "gdb-gdbserver", - "InstalledVersion": "7.6.1-115.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - 
"https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8385", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8385", - "Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)", - "Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8385.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85572", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": 
"2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2016-3191", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-3191", - "Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)", - "Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-3191.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://vcs.pcre.org/pcre2?view=revision\u0026revision=489", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1631", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/84810", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.debian.org/815920", - "https://bugs.debian.org/815921", - "https://bugs.exim.org/show_bug.cgi?id=1791", - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1311503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", - "https://usn.ubuntu.com/usn/usn-2943-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2016-03-17T23:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2327", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2327", - "Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)", - "Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.fortiguard.com/advisory/FG-VD-15-010/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1503", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": 
"CVE-2015-2328", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2328", - "Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)", - "Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-2328.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.fortiguard.com/advisory/FG-VD-15-014/", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/74924", - "https://bugs.exim.org/show_bug.cgi?id=1515", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", - "https://jira.mongodb.org/browse/SERVER-17252", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3217", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3217", - "Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)", - "Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-3217.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1566", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/03/7", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75018", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1638", - "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5073", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5073", - "Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)", - "Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-5073.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup", - "http://vcs.pcre.org/pcre?view=revision\u0026revision=1571", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/06/26/1", - "http://www.openwall.com/lists/oss-security/2015/06/26/3", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/75430", - "http://www.securitytracker.com/id/1033154", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bugs.exim.org/show_bug.cgi?id=1651", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2694-1", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2016-12-13T16:59:00Z", - "LastModifiedDate": "2018-05-18T01:29:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8387", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8388", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8388", - "Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion 
with excess closing parenthesis (8.38/18)", - "Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119", - "CWE-185" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8388.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/85576", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE 
before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8391", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8391", - "Title": "pcre: inefficient posix character class syntax check (8.38/16)", - "Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C", - "V2Score": 9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8391.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12450", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12450", - "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress", - "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. 
Instead, default permissions are used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "V3Score": 6.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-12450.html", - "http://linux.oracle.com/errata/ELSA-2019-3530.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", - "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", - "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", - "https://security.netapp.com/advisory/ntap-20190606-0003/", - "https://usn.ubuntu.com/4014-1/", - "https://usn.ubuntu.com/4014-2/", - "https://usn.ubuntu.com/usn/usn-4014-1", - "https://usn.ubuntu.com/usn/usn-4014-2" - ], - "PublishedDate": "2019-05-29T17:29:00Z", - "LastModifiedDate": "2019-06-11T14:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9633", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9633", - "Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service", - "Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).", - "Severity": "MEDIUM", - "CweIDs": [ - 
"CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 8.2 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107391", - "https://gitlab.gnome.org/GNOME/glib/issues/1649" - ], - "PublishedDate": "2019-03-08T08:29:00Z", - "LastModifiedDate": "2019-03-14T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8386", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8386", - "Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)", - "Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2015-8386.html", - "http://linux.oracle.com/errata/ELSA-2016-1025.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://rhn.redhat.com/errata/RHSA-2016-1025.html", - "http://rhn.redhat.com/errata/RHSA-2016-2750.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "http://www.securityfocus.com/bid/82990", - "https://access.redhat.com/errata/RHSA-2016:1132", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2019-12-27T16:08:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16428", - "PkgName": 
"glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16428", - "Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c", - "Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105210", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428", - "https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9", - "https://gitlab.gnome.org/GNOME/glib/issues/1364", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-16429", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16429", - "Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c", - "Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429", - "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://usn.ubuntu.com/3767-1/", - "https://usn.ubuntu.com/3767-2/", - "https://usn.ubuntu.com/usn/usn-3767-1", - "https://usn.ubuntu.com/usn/usn-3767-2" - ], - "PublishedDate": "2018-09-04T00:29:00Z", - "LastModifiedDate": "2019-07-31T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13012", - "PkgName": "glib2", - "InstalledVersion": "2.56.1-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13012", - "Title": "glib2: insecure permissions for files and directories", - "Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. 
This is similar to CVE-2019-12450.", - "Severity": "LOW", - "CweIDs": [ - "CWE-275" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012", - "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", - "https://gitlab.gnome.org/GNOME/glib/issues/1658", - "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html", - "https://security.netapp.com/advisory/ntap-20190806-0003/", - "https://usn.ubuntu.com/4049-1/", - "https://usn.ubuntu.com/4049-2/", - "https://usn.ubuntu.com/usn/usn-4049-1", - "https://usn.ubuntu.com/usn/usn-4049-2", - "https://usn.ubuntu.com/usn/usn-4049-3", - "https://usn.ubuntu.com/usn/usn-4049-4" - ], - "PublishedDate": "2019-06-28T15:15:00Z", - "LastModifiedDate": "2019-07-29T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or 
trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - 
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - 
"https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - 
"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) 
or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ 
- "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc", - 
"InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - 
"V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - 
"References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid 
binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2009-5155", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155", - "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result", - "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - 
"http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=11053", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18986", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672", - "https://support.f5.com/csp/article/K64119434" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-03-25T17:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8983", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8983", - "Title": "glibc: _IO_wstr_overflow integer overflow", - "Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/22/15", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72740", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17269", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1234", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1234", - "Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory", - "Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - "http://www.openwall.com/lists/oss-security/2016/03/07/16", - "http://www.securityfocus.com/bid/84204", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234", - "https://security.gentoo.org/glsa/201702-11", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19779", - 
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2016-06-01T20:59:00Z", - "LastModifiedDate": "2019-05-31T18:16:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8804", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8804", - "Title": "glibc: memory leak in sunrpc when decoding malformed XDR", - "Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-502" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/05/05/2", - "http://www.securityfocus.com/bid/98339", - "https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7", - "https://sourceware.org/bugzilla/show_bug.cgi?id=21461", - "https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html" - ], - "PublishedDate": "2017-05-07T18:29:00Z", - "LastModifiedDate": "2017-05-16T01:34:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010022", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-1010022", - "Title": "glibc: stack guard protection bypass", - "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-07-18T15:44:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9169", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169", - "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read", - "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/107160", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169", - 
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24114", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9", - "https://support.f5.com/csp/article/K54823184" - ], - "PublishedDate": "2019-02-26T02:29:00Z", - "LastModifiedDate": "2019-04-16T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4043", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4043", - "Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument", - "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.", - "Severity": "LOW", - "CweIDs": [ - "CWE-94" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 1 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html", - "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", - "http://seclists.org/fulldisclosure/2019/Jun/18", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:152", - "http://www.openwall.com/lists/oss-security/2014/06/13/2", - "http://www.securityfocus.com/bid/68006", - "https://bugzilla.redhat.com/show_bug.cgi?id=1109263", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043", - 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/93784", - "https://seclists.org/bugtraq/2019/Jun/14", - "https://security.gentoo.org/glsa/201503-04", - "https://sourceware.org/bugzilla/show_bug.cgi?id=17048", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362", - "https://usn.ubuntu.com/usn/usn-2306-1" - ], - "PublishedDate": "2014-10-06T23:55:00Z", - "LastModifiedDate": "2019-06-13T21:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8982", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8982", - "Title": "glibc: multiple overflows in strxfrm()", - "Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 2.6 - } - }, - "References": [ - 
"http://openwall.com/lists/oss-security/2015/09/08/2", - "http://www.openwall.com/lists/oss-security/2015/02/13/3", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72602", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982", - "https://sourceware.org/bugzilla/show_bug.cgi?id=16009", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed", - "https://usn.ubuntu.com/usn/usn-3239-1" - ], - "PublishedDate": "2017-03-15T19:59:00Z", - "LastModifiedDate": "2017-03-17T12:26:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8984", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8984", - "Title": "glibc: potential denial of service in internal_fnmatch()", - "Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2015/02/26/5", - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/72789", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984", - "https://sourceware.org/bugzilla/show_bug.cgi?id=18032", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185", - 
"https://usn.ubuntu.com/usn/usn-3239-1", - "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2017-03-22T19:12:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8985", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8985", - "Title": "glibc: potential denial of service in pop_fail_stack()", - "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", - "Severity": "LOW", - "CweIDs": [ - "CWE-19" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 1.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2017/02/14/9", - "http://www.securityfocus.com/bid/76916", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985", - "https://security.gentoo.org/glsa/201908-06" - ], - "PublishedDate": "2017-03-20T16:59:00Z", - "LastModifiedDate": "2019-08-15T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-10228", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228", - "Title": "glibc: iconv program can hang when invoked with the -c option", - "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 
2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/03/01/10", - "http://www.securityfocus.com/bid/96525", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228", - "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" - ], - "PublishedDate": "2017-03-02T01:59:00Z", - "LastModifiedDate": "2017-03-04T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4429", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4429", - "Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()", - "Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html", - "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html", - 
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.securityfocus.com/bid/102073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429", - "https://source.android.com/security/bulletin/2017-12-01", - "https://sourceware.org/bugzilla/show_bug.cgi?id=20112", - "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c", - "https://usn.ubuntu.com/3759-1/", - "https://usn.ubuntu.com/3759-2/", - "https://usn.ubuntu.com/usn/usn-3239-1", - "https://usn.ubuntu.com/usn/usn-3759-1", - "https://usn.ubuntu.com/usn/usn-3759-2" - ], - "PublishedDate": "2016-06-10T15:59:00Z", - "LastModifiedDate": "2019-03-22T17:32:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15671", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15671", - "Title": "glibc: Memory leak in glob with GLOB_TILDE", - "Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101517", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22325" - ], - "PublishedDate": "2017-10-20T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1010023", - "PkgName": 
"glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", - "Severity": "LOW", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109167", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS" - ], - "PublishedDate": "2019-07-15T04:15:00Z", - "LastModifiedDate": "2019-10-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19126", - "PkgName": "glibc-common", - "InstalledVersion": "2.17-292.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19126", - "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", - "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass 
ASLR for a setuid program.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 2.9 - } - }, - "References": [ - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" - ], - "PublishedDate": "2019-11-19T22:15:00Z", - "LastModifiedDate": "2020-01-21T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-4617", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-4617", - "Title": "gnupg: infinite loop when decompressing data packets", - "Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342", - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html", - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html", - "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html", - "http://secunia.com/advisories/59213", - "http://secunia.com/advisories/59351", - 
"http://secunia.com/advisories/59534", - "http://secunia.com/advisories/59578", - "http://www.debian.org/security/2014/dsa-2967", - "http://www.debian.org/security/2014/dsa-2968", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "http://www.ubuntu.com/usn/USN-2258-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617", - "https://usn.ubuntu.com/usn/usn-2258-1" - ], - "PublishedDate": "2014-06-25T11:19:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13050", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050", - "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS", - "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-297" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://access.redhat.com/articles/4264021", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050", - "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", - "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", - "https://twitter.com/lambdafu/status/1147162583969009664" - ], - "PublishedDate": "2019-06-29T17:15:00Z", - "LastModifiedDate": "2019-07-09T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1606", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1606", - "Title": "gnupg2: invalid memory read using a garbled keyring", - "Description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securitytracker.com/id/1031876", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:33:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1607", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1607", - "Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)", - "Description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign 
extensions and \"memcpy with overlapping ranges.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392", - "http://www.openwall.com/lists/oss-security/2015/02/13/14", - "http://www.openwall.com/lists/oss-security/2015/02/14/6", - "http://www.securityfocus.com/bid/72610", - "http://www.ubuntu.com/usn/usn-2554-1/", - "https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://usn.ubuntu.com/usn/usn-2554-1" - ], - "PublishedDate": "2019-11-20T19:15:00Z", - "LastModifiedDate": "2019-11-22T16:19:00Z" - }, - { - "VulnerabilityID": "CVE-2018-9234", - "PkgName": "gnupg2", - "InstalledVersion": "2.0.22-5.el7_5", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-9234", - "Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys", - "Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", 
- "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "V3Score": 2.2 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234", - "https://dev.gnupg.org/T3844", - "https://usn.ubuntu.com/3675-1/", - "https://usn.ubuntu.com/usn/usn-3675-1" - ], - "PublishedDate": "2018-04-04T00:29:00Z", - "LastModifiedDate": "2019-02-27T19:37:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3564", - "PkgName": "gpgme", - "InstalledVersion": "1.3.2-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3564", - "Title": "gpgme: heap-based buffer overflow in gpgsm status handler", - "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77", - "http://seclists.org/oss-sec/2014/q3/266", - "http://www.debian.org/security/2014/dsa-3005", - "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "http://www.osvdb.org/109699", - "http://www.securityfocus.com/bid/68990", - "https://bugzilla.redhat.com/show_bug.cgi?id=1113267", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564", - "https://usn.ubuntu.com/usn/usn-2307-1" - ], - "PublishedDate": "2014-10-20T17:55:00Z", - "LastModifiedDate": "2016-10-18T03:44:00Z" - }, - 
{ - "VulnerabilityID": "CVE-2014-5351", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5351", - "Title": "krb5: current keys returned when randomizing the keys for a service principal", - "Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N", - "V2Score": 2.1 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0477.html", - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html", - "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html", - "http://security.gentoo.org/glsa/glsa-201412-53.xml", - "http://www.mandriva.com/security/advisories?name=MDVSA-2014:224", - "http://www.securityfocus.com/bid/70380", - "http://www.securitytracker.com/id/1031003", - "http://www.ubuntu.com/usn/USN-2498-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/97028", - "https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca", - "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html", - 
"https://usn.ubuntu.com/usn/usn-2498-1" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2020-01-21T15:46:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2695", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2695", - "Title": "krb5: SPNEGO context aliasing bugs", - "Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/90687", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", - "https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - 
"LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2696", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2696", - "Title": "krb5: IAKERB context aliasing flaw", - "Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-18" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V2Score": 7.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.securityfocus.com/bid/90675", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", - "https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2697", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2697", - "Title": "krb5: build_principal() memory flaw", - "Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C", - "V2Score": 6.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", - "V2Score": 4 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html", - "http://www.debian.org/security/2015/dsa-3395", - "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "http://www.securityfocus.com/bid/77581", - "http://www.securitytracker.com/id/1034084", - "http://www.ubuntu.com/usn/USN-2810-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", - "https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789", - "https://security.gentoo.org/glsa/201611-14", - "https://usn.ubuntu.com/usn/usn-2810-1" - ], - "PublishedDate": "2015-11-09T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15088", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15088", - "Title": "krb5: Buffer overflow in get_matching_data()", - "Description": 
"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101594", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", - "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", - "https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4", - "https://github.com/krb5/krb5/pull/707" - ], - "PublishedDate": "2017-11-23T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:24:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20217", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20217", - "Title": "krb5: Reachable assertion in the KDC using S4U2Self requests", - "Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-617" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 3.5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", - "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/", - "https://security.netapp.com/advisory/ntap-20190416-0006/" - ], - "PublishedDate": "2018-12-26T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11462", - "PkgName": "krb5-libs", - "InstalledVersion": "1.15.1-37.el7_7.2", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11462", - "Title": "krb5: Automatic sec context deletion could lead to double-free", - "Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", - "Severity": "LOW", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 3.7 - } - }, - 
"References": [ - "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", - "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", - "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" - ], - "PublishedDate": "2017-09-13T16:29:00Z", - "LastModifiedDate": "2020-01-21T15:47:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - 
"PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libblkid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page 
global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0247", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0247", - "Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)", - "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", - "V2Score": 6.9 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0061.html", - "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4", - 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:045", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.ocert.org/advisories/ocert-2015-002.html", - "http://www.securityfocus.com/archive/1/534633/100/0/threaded", - "http://www.securityfocus.com/bid/72520", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100740", - "https://security.gentoo.org/glsa/201701-06", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-17T15:59:00Z", - "LastModifiedDate": "2018-10-09T19:55:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5094", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", - "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write", - "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 6.4 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html", - "https://seclists.org/bugtraq/2019/Sep/58", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887", - "https://usn.ubuntu.com/4142-2/", - "https://usn.ubuntu.com/usn/usn-4142-1", - "https://usn.ubuntu.com/usn/usn-4142-2", - "https://www.debian.org/security/2019/dsa-4535" - ], - "PublishedDate": "2019-09-24T22:15:00Z", - "LastModifiedDate": "2019-09-28T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5188", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5188", - "Title": "e2fsprogs: Out-of-bounds write in e2fsck/rehash.c", - "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", - "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", - "https://usn.ubuntu.com/4249-1/", - "https://usn.ubuntu.com/usn/usn-4249-1" - ], - "PublishedDate": "2020-01-08T16:15:00Z", - "LastModifiedDate": "2020-01-28T06:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1572", - "PkgName": "libcom_err", - "InstalledVersion": "1.42.9-16.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1572", - "Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)", - "Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2015-0088.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html", - "http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html", - "http://www.debian.org/security/2015/dsa-3166", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:067", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:068", - "http://www.securityfocus.com/bid/72709", - "http://www.ubuntu.com/usn/USN-2507-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", - "https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73", - "https://security.gentoo.org/glsa/201507-22", - "https://usn.ubuntu.com/usn/usn-2507-1" - ], - "PublishedDate": "2015-02-24T15:59:00Z", - "LastModifiedDate": "2017-11-08T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-3153", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-3153", - "Title": "curl: sensitive HTTP server headers also sent to proxies", - "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by 
reading the header contents.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20150429.html", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html", - "http://www.debian.org/security/2015/dsa-3240", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "http://www.securityfocus.com/bid/74408", - "http://www.securitytracker.com/id/1032233", - "http://www.ubuntu.com/usn/USN-2591-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131", - "https://support.apple.com/kb/HT205031", - "https://usn.ubuntu.com/usn/usn-2591-1" - ], - "PublishedDate": "2015-05-01T15:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8615", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8615", - "Title": "curl: Cookie injection for other servers", - "Description": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-254" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8615.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94096", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", - "https://curl.haxx.se/CVE-2016-8615.patch", - "https://curl.haxx.se/docs/adv_20161102A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8617", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8617", - "Title": "curl: Out-of-bounds write via unchecked multiplication", - "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via 
`CURLOPT_USERNAME`.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8617.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94097", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617", - "https://curl.haxx.se/CVE-2016-8617.patch", - "https://curl.haxx.se/docs/adv_20161102C.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8618", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8618", - "Title": "curl: Double-free in curl_maprintf", - "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8618.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94098", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618", - "https://curl.haxx.se/docs/adv_20161102D.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8619", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8619", - "Title": "curl: Double-free in krb5 code", - "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-415" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - 
"http://linux.oracle.com/cve/CVE-2016-8619.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94100", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619", - "https://curl.haxx.se/CVE-2016-8619.patch", - "https://curl.haxx.se/docs/adv_20161102E.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8624", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8624", - "Title": "curl: Invalid URL parsing with '#'", - "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. 
This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8624.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94103", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624", - "https://curl.haxx.se/docs/adv_20161102J.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8625", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8625", - "Title": "curl: IDNA 2003 makes curl use wrong host", - "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], 
- "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8625.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.securityfocus.com/bid/94107", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625", - "https://curl.haxx.se/CVE-2016-8625.patch", - "https://curl.haxx.se/docs/adv_20161102K.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625", - "https://security.gentoo.org/glsa/201701-47", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000254", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000254", - "Title": "curl: FTP PWD response parser out of bounds read", - "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. 
Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/101115", - "http://www.securitytracker.com/id/1039509", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/673d0cd8.patch", - "https://curl.haxx.se/docs/adv_20171004.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254", - "https://security.gentoo.org/glsa/201712-04", - "https://support.apple.com/HT208331", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - 
"PublishedDate": "2017-10-06T13:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8817", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8817", - "Title": "curl: FTP wildcard out of bounds read", - "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 3.1 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=162", - "http://www.securityfocus.com/bid/102057", - "http://www.securitytracker.com/id/1039897", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_2017-ae72.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html", - "https://security.gentoo.org/glsa/201712-04", - "https://usn.ubuntu.com/usn/usn-3498-1", - "https://usn.ubuntu.com/usn/usn-3498-2", - "https://www.debian.org/security/2017/dsa-4051" - ], - "PublishedDate": "2017-11-29T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20483", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-20483", - "Title": "wget: Information exposure in set_file_metadata function in xattr.c", - "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 2.1, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", - "http://linux.oracle.com/cve/CVE-2018-20483.html", - "http://linux.oracle.com/errata/ELSA-2019-3701.html", - "http://www.securityfocus.com/bid/106358", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", - "https://security.gentoo.org/glsa/201903-08", - "https://security.netapp.com/advisory/ntap-20190321-0002/", - "https://twitter.com/marcan42/status/1077676739877232640", - "https://usn.ubuntu.com/3943-1/", - "https://usn.ubuntu.com/usn/usn-3943-1" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-04-09T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5482", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482", - "Title": 
"curl: heap buffer overflow in function tftp_receive_packet()", - "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 6.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", - "https://curl.haxx.se/docs/CVE-2019-5482.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", - "https://usn.ubuntu.com/usn/usn-4129-1", - "https://usn.ubuntu.com/usn/usn-4129-2" - ], - "PublishedDate": "2019-09-16T19:15:00Z", - "LastModifiedDate": "2019-09-18T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-0755", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-0755", - "Title": "curl: NTLM credentials not-checked for proxy connection re-use", - "Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 5, - 
"V3Score": 7.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", - "V2Score": 4 - } - }, - "References": [ - "http://curl.haxx.se/docs/adv_20160127A.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html", - "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html", - "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html", - "http://www.debian.org/security/2016/dsa-3455", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/82307", - "http://www.securitytracker.com/id/1034882", - "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965", - "http://www.ubuntu.com/usn/USN-2882-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755", - "https://security.gentoo.org/glsa/201701-47", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-2882-1" - ], - "PublishedDate": "2016-01-29T20:59:00Z", - "LastModifiedDate": "2018-10-17T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8616", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8616", - "Title": "curl: Case insensitive password comparison", - "Description": "A flaw was found in curl before version 
7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", - "Severity": "LOW", - "CweIDs": [ - "CWE-255" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8616.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94094", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616", - "https://curl.haxx.se/CVE-2016-8616.patch", - "https://curl.haxx.se/docs/adv_20161102B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8621", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8621", - "Title": "curl: curl_getdate out-of-bounds read", - 
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8621.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94101", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621", - "https://curl.haxx.se/CVE-2016-8621.patch", - "https://curl.haxx.se/docs/adv_20161102G.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T22:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8622", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8622", - "Title": "curl: URL unescape heap overflow via integer truncation", - "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. 
Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", - "Severity": "LOW", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8622.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94105", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", - "https://curl.haxx.se/docs/adv_20161102H.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-07-31T21:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-8623", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8623", - "Title": "curl: Use-after-free via shared cookies", - "Description": "A flaw was found in curl before version 7.51.0. 
The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-8623.html", - "http://linux.oracle.com/errata/ELSA-2019-4652.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/94106", - "http://www.securitytracker.com/id/1037192", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623", - "https://curl.haxx.se/CVE-2016-8623.patch", - "https://curl.haxx.se/docs/adv_20161102I.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3123-1", - "https://www.tenable.com/security/tns-2016-21" - ], - "PublishedDate": "2018-08-01T06:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9586", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9586", - "Title": "curl: printf floating point buffer overflow", - "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. 
If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "http://www.securityfocus.com/bid/95019", - "http://www.securitytracker.com/id/1037515", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586", - "https://curl.haxx.se/docs/adv_20161221A.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586", - "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", - "https://security.gentoo.org/glsa/201701-47", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2018-04-23T18:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000100", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000100", - "Title": "curl: TFTP sends more than buffer size", - "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. 
This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3992", - "http://www.securityfocus.com/bid/100286", - "http://www.securitytracker.com/id/1039118", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170809B.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100", - "https://security.gentoo.org/glsa/201709-14", - "https://support.apple.com/HT208221", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-10-05T01:29:00Z", - "LastModifiedDate": "2018-11-13T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7407", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7407", - "Title": "curl: --write-out out of bounds read", - "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process 
memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 2.4 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "V3Score": 1.8 - } - }, - "References": [ - "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "https://access.redhat.com/errata/RHSA-2018:3558", - "https://curl.haxx.se/docs/adv_20170403.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", - "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", - "https://security.gentoo.org/glsa/201709-14", - "https://usn.ubuntu.com/usn/usn-3441-1", - "https://usn.ubuntu.com/usn/usn-3441-2" - ], - "PublishedDate": "2017-04-03T20:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5436", - "PkgName": "libcurl", - "InstalledVersion": "7.29.0-54.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", - "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", - "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", - "https://curl.haxx.se/docs/CVE-2019-5436.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", - "https://security.netapp.com/advisory/ntap-20190606-0004/", - "https://usn.ubuntu.com/usn/usn-3993-1", - "https://usn.ubuntu.com/usn/usn-3993-2" - ], - "PublishedDate": "2019-05-28T19:29:00Z", - "LastModifiedDate": "2019-06-09T05:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb", - "InstalledVersion": "5.3.21-25.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - 
"https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10140", - "PkgName": "libdb-utils", - "InstalledVersion": "5.3.21-25.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10140", - "Title": "libdb: Reads DB_CONFIG from the current working directory", - "Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://seclists.org/oss-sec/2017/q3/285", - "http://www.openwall.com/lists/oss-security/2017/08/12/1", - "http://www.postfix.org/announcements/postfix-3.2.2.html", - "https://access.redhat.com/errata/RHSA-2019:0366", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140", - "https://usn.ubuntu.com/usn/usn-3489-1", - "https://usn.ubuntu.com/usn/usn-3489-2" - ], - "PublishedDate": "2018-04-16T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in 
libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4487", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - 
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - 
"SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - 
"https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in 
a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libgcc", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5270", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5270", - "Title": "libgcrypt: ELGAMAL side-channel attack", - "Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html", - "http://openwall.com/lists/oss-security/2014/08/16/2", - "http://www.cs.tau.ac.il/~tromer/handsoff/", - 
"http://www.debian.org/security/2014/dsa-3024", - "http://www.debian.org/security/2014/dsa-3073", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5270", - "https://usn.ubuntu.com/usn/usn-2339-1", - "https://usn.ubuntu.com/usn/usn-2339-2" - ], - "PublishedDate": "2014-10-10T01:55:00Z", - "LastModifiedDate": "2017-11-04T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7526", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7526", - "Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery", - "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. 
This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/99338", - "http://www.securitytracker.com/id/1038915", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526", - "https://eprint.iacr.org/2017/627", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html", - "https://usn.ubuntu.com/3733-1/", - "https://usn.ubuntu.com/3733-2/", - "https://usn.ubuntu.com/usn/usn-3347-1", - "https://usn.ubuntu.com/usn/usn-3347-2", - "https://usn.ubuntu.com/usn/usn-3733-1", - "https://usn.ubuntu.com/usn/usn-3733-2", - "https://www.debian.org/security/2017/dsa-3901", - "https://www.debian.org/security/2017/dsa-3960" - ], - "PublishedDate": "2018-07-26T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-12904", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12904", - "Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload 
side-channel attack", - "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.9 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904", - "https://dev.gnupg.org/T4541", - "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", - "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" - ], - "PublishedDate": "2019-06-20T00:15:00Z", - "LastModifiedDate": "2019-07-23T18:15:00Z" - }, - { - "VulnerabilityID": "CVE-2014-3591", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-3591", - "Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)", - "Description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.cs.tau.ac.il/~tromer/radioexp/", - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3591", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - "https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-05T18:06:00Z" - }, - { - "VulnerabilityID": "CVE-2015-0837", - "PkgName": "libgcrypt", - "InstalledVersion": "1.5.3-14.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-0837", - "Title": "libgcrypt: last-level cache side-channel attack", - "Description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-203" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 1.2 - } - }, - "References": [ - "http://www.debian.org/security/2015/dsa-3184", - "http://www.debian.org/security/2015/dsa-3185", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837", - "https://ieeexplore.ieee.org/document/7163050", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", - "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", - 
"https://usn.ubuntu.com/usn/usn-2554-1", - "https://usn.ubuntu.com/usn/usn-2555-1" - ], - "PublishedDate": "2019-11-29T22:15:00Z", - "LastModifiedDate": "2019-12-14T13:59:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2059", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2059", - "Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8", - "Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3578", - "http://www.openwall.com/lists/oss-security/2015/02/23/25", - "http://www.securityfocus.com/bid/72736", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059", - "https://github.com/jabberd2/jabberd2/issues/85", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html (regression)", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2015-08-12T14:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { 
- "VulnerabilityID": "CVE-2015-8948", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8948", - "Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer", - "Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://marc.info/?l=oss-security\u0026m=146910769415616\u0026w=2", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6261", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6261", - "Title": "libidn: Out of bounds stack read in idna_to_ascii_4i", - "Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261", - "https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6262", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6262", - "Title": "libidn: Out-of-bounds read when reading zero byte as input", - 
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6263", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6263", - "Title": "libidn: Crash when given invalid UTF-8 data on input", - "Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - 
"CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V2Score": 2.6, - "V3Score": 3.7 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html", - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html", - "http://www.debian.org/security/2016/dsa-3658", - "http://www.openwall.com/lists/oss-security/2016/07/20/6", - "http://www.openwall.com/lists/oss-security/2016/07/21/4", - "http://www.securityfocus.com/bid/92070", - "http://www.ubuntu.com/usn/USN-3068-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263", - "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html", - "https://usn.ubuntu.com/usn/usn-3068-1" - ], - "PublishedDate": "2016-09-07T20:59:00Z", - "LastModifiedDate": "2016-11-28T20:31:00Z" - }, - { - "VulnerabilityID": "CVE-2017-14062", - "PkgName": "libidn", - "InstalledVersion": "1.28-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-14062", - "Title": "libidn2: Integer overflow in puny_decode.c/decode_digit", - "Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"http://www.debian.org/security/2017/dsa-3988", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062", - "https://gitlab.com/libidn/libidn2/blob/master/NEWS", - "https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd", - "https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html", - "https://usn.ubuntu.com/usn/usn-3421-1", - "https://usn.ubuntu.com/usn/usn-3434-1", - "https://usn.ubuntu.com/usn/usn-3434-2" - ], - "PublishedDate": "2017-08-31T16:29:00Z", - "LastModifiedDate": "2020-02-18T19:27:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - 
"https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libmount", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of 
service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0553", - "PkgName": "libnl", - "InstalledVersion": "1.1.4-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0553", - "Title": "libnl: Integer overflow in nlmsg_reserve()", - "Description": "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. 
NOTE: this issue also exists in the upstream libnl before 3.3.0 library.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 7.6, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb", - "http://linux.oracle.com/cve/CVE-2017-0553.html", - "http://linux.oracle.com/errata/ELSA-2017-2299.html", - "http://lists.infradead.org/pipermail/libnl/2017-May/002313.html", - "http://www.securityfocus.com/bid/97340", - "http://www.securitytracker.com/id/1038201", - "http://www.ubuntu.com/usn/USN-3311-2", - "https://access.redhat.com/errata/RHSA-2017:2299", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/", - "https://source.android.com/security/bulletin/2017-04-01", - "https://usn.ubuntu.com/usn/usn-3311-1", - "https://usn.ubuntu.com/usn/usn-3311-1/", - "https://usn.ubuntu.com/usn/usn-3311-2" - ], - "PublishedDate": "2017-04-07T22:59:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": 
[ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - 
} - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libsmartcols", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13115", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13115", - "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write", - "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "V2Score": 5.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "V3Score": 6.8 - } - }, - "References": [ - "https://blog.semmle.com/libssh2-integer-overflow/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115", - "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa", - "https://github.com/libssh2/libssh2/pull/350", - "https://libssh2.org/changes.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html" - ], - "PublishedDate": "2019-07-16T18:15:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17498", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17498", - "Title": "libssh2: integer overflow in 
SSH_MSG_DISCONNECT logic in packet.c", - "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", - "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498", - "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", - "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", - "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94", - "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" - ], - "PublishedDate": "2019-10-21T22:15:00Z", - "LastModifiedDate": "2019-11-07T03:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3859", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3859", - "Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in 
out-of-bounds read", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html", - "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", - "http://www.openwall.com/lists/oss-security/2019/03/18/3", - "http://www.securityfocus.com/bid/107485", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859", - "https://github.com/libssh2/libssh2/pull/315", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html", - "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", - "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", - "https://seclists.org/bugtraq/2019/Apr/25", - 
"https://seclists.org/bugtraq/2019/Mar/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3859.html" - ], - "PublishedDate": "2019-03-21T16:01:00Z", - "LastModifiedDate": "2019-07-25T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3860", - "PkgName": "libssh2", - "InstalledVersion": "1.8.0-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3860", - "Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets", - "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860", - "https://github.com/libssh2/libssh2/pull/316", - "https://libssh2.org/CVE-2019-3860.html", - "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", - 
"https://seclists.org/bugtraq/2019/Apr/25", - "https://security.netapp.com/advisory/ntap-20190327-0005/", - "https://www.debian.org/security/2019/dsa-4431", - "https://www.libssh2.org/CVE-2019-3860.html" - ], - "PublishedDate": "2019-03-25T19:29:00Z", - "LastModifiedDate": "2019-04-15T12:31:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5044", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5044", - "Title": "gcc: integer overflow flaws in libgfortran", - "Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2014/07/23/7", - "http://www.openwall.com/lists/oss-security/2014/07/24/1", - "http://www.openwall.com/lists/oss-security/2014/07/31/6", - "https://bugzilla.redhat.com/show_bug.cgi?id=1122812", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/94849", - "https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721", - "https://gcc.gnu.org/viewcvs/gcc?limit_changes=0\u0026view=revision\u0026revision=211721" - ], - "PublishedDate": "2018-03-07T15:29:00Z", - "LastModifiedDate": "2018-03-27T23:48:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20673", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { 
- "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20673", - "Title": "libiberty: Integer overflow in demangle_template() function", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/106454", - "https://sourceware.org/bugzilla/show_bug.cgi?id=24039" - ], - "PublishedDate": "2019-01-04T18:29:00Z", - "LastModifiedDate": "2019-01-15T14:36:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5276", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5276", - "Title": "gcc: Predictable randomness from std::random_device", - "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", - "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", - "http://www.securitytracker.com/id/1034375", - "https://bugzilla.redhat.com/show_bug.cgi?id=1262846", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142", - "https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html" - ], - "PublishedDate": "2015-11-17T15:59:00Z", - "LastModifiedDate": "2019-02-12T19:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2226", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2226", - "Title": "gcc: Exploitable buffer overflow", - "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190", - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V2Score": 6.8, - "V3Score": 3.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90103", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1", - "https://www.exploit-db.com/exploits/42386/" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-08-12T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2016-4487", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4487", - "Title": "gcc: Invalid write due to a use-after-free to array btypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4488", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4488", - "Title": "gcc: Invalid write due to a use-after-free to array ktypevec", - "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and 
crash) via a crafted binary, related to \"ktypevec.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "V2Score": 5.1, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90025", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481", - "https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4489", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4489", - "Title": "gcc: Invalid write due to integer overflow", - "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - 
"http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90017", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4490", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4490", - "Title": "gcc: Write access violation", - "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4, - "V3Score": 5.9 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90019", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4491", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4491", - "Title": "gcc: Stack overflow due to infinite recursion in d_print_comp", - "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90016", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4492", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4492", - "Title": "gcc: Read access violations", - "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - "https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4493", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4493", - "Title": "gcc: Read access violations", - "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 2.6, - "V3Score": 5.3 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/05/05/5", - "http://www.securityfocus.com/bid/90014", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926", - 
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html", - "https://usn.ubuntu.com/usn/usn-3337-1", - "https://usn.ubuntu.com/usn/usn-3367-1", - "https://usn.ubuntu.com/usn/usn-3368-1" - ], - "PublishedDate": "2017-02-24T20:59:00Z", - "LastModifiedDate": "2017-07-28T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20657", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657", - "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service", - "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20657.html", - "http://linux.oracle.com/errata/ELSA-2019-3352.html", - "http://www.securityfocus.com/bid/106444", - "https://access.redhat.com/errata/RHSA-2019:3352", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", - "https://support.f5.com/csp/article/K62602089" - ], - "PublishedDate": "2019-01-02T14:29:00Z", - "LastModifiedDate": "2019-11-06T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-14250", - "PkgName": "libstdc++", - "InstalledVersion": "4.8.5-39.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-14250", - "Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow", - "Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/109354", - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924", - "https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html", - "https://security.netapp.com/advisory/ntap-20190822-0002/" - ], - "PublishedDate": "2019-07-24T04:15:00Z", - "LastModifiedDate": "2019-08-22T07:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4008", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4008", - "Title": "libtasn1: infinite loop while parsing DER certificates", - "Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - 
} - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625", - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html", - "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html", - "http://www.debian.org/security/2016/dsa-3568", - "http://www.openwall.com/lists/oss-security/2016/04/11/3", - "http://www.ubuntu.com/usn/USN-2957-1", - "http://www.ubuntu.com/usn/USN-2957-2", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008", - "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html", - "https://security.gentoo.org/glsa/201703-05", - "https://usn.ubuntu.com/usn/usn-2957-1", - "https://usn.ubuntu.com/usn/usn-2957-2" - ], - "PublishedDate": "2016-05-05T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6003", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6003", - "Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding", - "Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97", - "https://bugzilla.redhat.com/show_bug.cgi?id=1535926", - "https://bugzilla.suse.com/show_bug.cgi?id=1076832", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003", - "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2018-01-22T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10790", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10790", - "Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function", - "Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. 
It may lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464141", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/3547-1/", - "https://usn.ubuntu.com/usn/usn-3547-1", - "https://www.debian.org/security/2018/dsa-4106" - ], - "PublishedDate": "2017-07-02T03:29:00Z", - "LastModifiedDate": "2018-03-16T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6891", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6891", - "Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()", - "Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. 
asn1Coding utility.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.8 - } - }, - "References": [ - "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.debian.org/security/2017/dsa-3861", - "http://www.securityfocus.com/bid/98641", - "http://www.securitytracker.com/id/1038619", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891", - "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "https://security.gentoo.org/glsa/201710-11", - "https://usn.ubuntu.com/usn/usn-3309-1", - "https://usn.ubuntu.com/usn/usn-3309-2" - ], - "PublishedDate": "2017-05-22T19:29:00Z", - "LastModifiedDate": "2019-06-05T15:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000654", - "PkgName": "libtasn1", - "InstalledVersion": "4.10-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654", - "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", - "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. 
This attack appears to be exploitable via parsing a crafted file.", - "Severity": "LOW", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 7.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html", - "http://www.securityfocus.com/bid/105151", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654", - "https://gitlab.com/gnutls/libtasn1/issues/4" - ], - "PublishedDate": "2018-08-20T19:31:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "libuuid", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - "https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-07-23T19:59:00Z", 
- "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other 
products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2", - "InstalledVersion": 
"2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial 
of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19956", 
- "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - "References": [ - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", - 
"LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2016-5131", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-5131", - "Title": "libxml2: use after free triggered by XPointer paths beginning with range-to", - "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - } - }, - "References": [ - "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", - "http://rhn.redhat.com/errata/RHSA-2016-1485.html", - "http://www.debian.org/security/2016/dsa-3637", - "http://www.securityfocus.com/bid/92053", - "http://www.securitytracker.com/id/1036428", - "http://www.securitytracker.com/id/1038623", - "http://www.ubuntu.com/usn/USN-3041-1", - "https://bugzilla.redhat.com/show_bug.cgi?id=1358641", - "https://codereview.chromium.org/2127493002", - "https://crbug.com/623378", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", - "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", - "https://security.gentoo.org/glsa/201610-09", - "https://security.gentoo.org/glsa/201701-37", - "https://source.android.com/security/bulletin/2017-05-01", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3041-1", - "https://usn.ubuntu.com/usn/usn-3235-1" - 
], - "PublishedDate": "2016-07-23T19:59:00Z", - "LastModifiedDate": "2019-03-26T17:14:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15412", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15412", - "Title": "chromium-browser: use after free in libxml", - "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://www.securitytracker.com/id/1040348", - "https://access.redhat.com/errata/RHSA-2017:3401", - "https://access.redhat.com/errata/RHSA-2018:0287", - "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "https://crbug.com/727039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", - "https://security.gentoo.org/glsa/201801-03", - "https://usn.ubuntu.com/usn/usn-3513-1", - "https://usn.ubuntu.com/usn/usn-3513-1/", - "https://usn.ubuntu.com/usn/usn-3513-2", - "https://www.debian.org/security/2018/dsa-4086" - ], - "PublishedDate": "2018-08-28T19:29:00Z", - "LastModifiedDate": "2018-10-25T11:35:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8035", - 
"PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8035", - "Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled", - "Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-399" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V2Score": 2.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", - "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html", - "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", - "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", - "http://rhn.redhat.com/errata/RHSA-2016-1089.html", - "http://www.debian.org/security/2015/dsa-3430", - "http://www.openwall.com/lists/oss-security/2015/11/02/2", - "http://www.openwall.com/lists/oss-security/2015/11/02/4", - "http://www.openwall.com/lists/oss-security/2015/11/03/1", - "http://www.securityfocus.com/bid/77390", - "http://www.securitytracker.com/id/1034243", - "http://www.ubuntu.com/usn/USN-2812-1", - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=757466", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT206166", - "https://support.apple.com/HT206167", - "https://support.apple.com/HT206168", - "https://support.apple.com/HT206169", - "https://usn.ubuntu.com/usn/usn-2812-1" - ], - "PublishedDate": "2015-11-18T16:59:00Z", - "LastModifiedDate": "2019-03-08T16:06:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4483", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4483", - "Title": "libxml2: out-of-bounds read", - "Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. 
NOTE: this vulnerability may be a duplicate of CVE-2016-3627.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://rhn.redhat.com/errata/RHSA-2016-2957.html", - "http://www.debian.org/security/2016/dsa-3593", - "http://www.openwall.com/lists/oss-security/2016/05/03/8", - "http://www.openwall.com/lists/oss-security/2016/05/04/7", - "http://www.openwall.com/lists/oss-security/2016/06/07/4", - "http://www.openwall.com/lists/oss-security/2016/06/07/5", - "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "http://www.securityfocus.com/bid/90013", - "http://www.securitytracker.com/id/1036348", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483", - "https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd", - "https://security.gentoo.org/glsa/201701-37", - "https://usn.ubuntu.com/usn/usn-2994-1", - "https://www.tenable.com/security/tns-2016-18" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4658", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4658", - "Title": "libxml2: Use after free via namespace node in XPointer ranges", - "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service 
(use-after-free and memory corruption) via a crafted XML document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 10, - "V3Score": 9.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", - "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", - "http://www.securityfocus.com/bid/93054", - "http://www.securitytracker.com/id/1036858", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", - "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", - "https://github.com/sparklemotion/nokogiri/issues/1615", - "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", - "https://security.gentoo.org/glsa/201701-37", - "https://support.apple.com/HT207141", - "https://support.apple.com/HT207142", - "https://support.apple.com/HT207143", - "https://support.apple.com/HT207170", - "https://usn.ubuntu.com/usn/usn-3235-1" - ], - "PublishedDate": "2016-09-25T10:59:00Z", - "LastModifiedDate": "2019-03-13T14:05:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9318", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9318", - "Title": "libxml2: XML External Entity vulnerability", - "Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and 
other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", - "V2Score": 5.8, - "V3Score": 6.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94347", - "https://bugzilla.gnome.org/show_bug.cgi?id=772726", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", - "https://github.com/lsh123/xmlsec/issues/43", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2016-11-16T00:59:00Z", - "LastModifiedDate": "2018-08-15T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-0663", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0663", - "Title": "libxml2: Heap buffer overflow in xmlAddID", - "Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-37104170.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-06-14T13:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16931", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16931", - "Title": "libxml2: Mishandling parameter-entity references", - "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=766956", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", - 
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2018-02-04T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16932", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16932", - "Title": "libxml2: Infinite recursion in parameter entities", - "Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://xmlsoft.org/news.html", - "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", - "https://bugzilla.gnome.org/show_bug.cgi?id=759579", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", - "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", - "https://github.com/sparklemotion/nokogiri/issues/1714", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3504-1", - "https://usn.ubuntu.com/usn/usn-3504-1/", - "https://usn.ubuntu.com/usn/usn-3504-2", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2017-11-23T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7375", - "PkgName": "libxml2-python", - 
"InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7375", - "Title": "libxml2: Missing validation for external entities in xmlParsePEReference", - "Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-611" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98877", - "http://www.securitytracker.com/id/1038623", - "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", - "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", - "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", - "https://security.gentoo.org/glsa/201711-01", - "https://source.android.com/security/bulletin/2017-06-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2", - "https://www.debian.org/security/2017/dsa-3952" - ], - "PublishedDate": "2018-02-19T19:29:00Z", - "LastModifiedDate": "2018-03-18T14:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9047", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - 
"Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9047", - "Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent", - "Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98599", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9049", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9049", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98601", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9050", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9050", - "Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. 
This vulnerability exists because of an incomplete fix for CVE-2016-1839.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98568", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", - "https://github.com/sparklemotion/nokogiri/issues/1673", - "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-1/", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14404", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-14404", - "Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a 
denial of service", - "Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", - "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", - "https://github.com/sparklemotion/nokogiri/issues/1785", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594", - "https://gitlab.gnome.org/GNOME/libxml2/issues/10", - "https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/3739-2/", - "https://usn.ubuntu.com/usn/usn-3739-1", - "https://usn.ubuntu.com/usn/usn-3739-2" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2018-09-28T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19956", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2019-19956", - "Title": "libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash", - "Description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", - "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", - "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", - "https://security.netapp.com/advisory/ntap-20200114-0002/", - "https://usn.ubuntu.com/usn/usn-4274-1" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18258", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18258", - "Title": "libxml2: denial of service in xz_head function in xzlib.c", - "Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-770" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.5 - } - }, - 
"References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", - "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", - "https://security.netapp.com/advisory/ntap-20190719-0001/", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-04-08T17:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5969", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5969", - "Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation", - "Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 2.6, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/11/05/3", - "http://www.openwall.com/lists/oss-security/2017/02/13/1", - "http://www.securityfocus.com/bid/96188", - "https://bugzilla.gnome.org/show_bug.cgi?id=778519", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", - "https://security.gentoo.org/glsa/201711-01" - ], - "PublishedDate": "2017-04-11T16:59:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-8872", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-8872", - "Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish", - "Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", - "V2Score": 6.4, - "V3Score": 9.1 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "https://bugzilla.gnome.org/show_bug.cgi?id=775200", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" - ], - "PublishedDate": "2017-05-10T05:29:00Z", 
- "LastModifiedDate": "2017-05-15T18:37:00Z" - }, - { - "VulnerabilityID": "CVE-2017-9048", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9048", - "Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", - "Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.8 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3952", - "http://www.openwall.com/lists/oss-security/2017/05/15/1", - "http://www.securityfocus.com/bid/98556", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", - "https://security.gentoo.org/glsa/201711-01", - "https://usn.ubuntu.com/usn/usn-3424-1", - "https://usn.ubuntu.com/usn/usn-3424-2" - ], - "PublishedDate": "2017-05-18T06:29:00Z", - "LastModifiedDate": "2017-11-11T02:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-14567", - "PkgName": "libxml2-python", - "InstalledVersion": "2.9.1-6.el7_2.3", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-14567", - "Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file", - "Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 4.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/105198", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", - "https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", - "https://usn.ubuntu.com/3739-1/", - "https://usn.ubuntu.com/usn/usn-3739-1" - ], - "PublishedDate": "2018-08-16T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2014-5461", - "PkgName": "lua", - "InstalledVersion": "5.1.4-15.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-5461", - "Title": "lua: overflow flaw in vararg functions", - "Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - 
"V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 4.4 - } - }, - "References": [ - "http://advisories.mageia.org/MGASA-2014-0414.html", - "http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html", - "http://secunia.com/advisories/59890", - "http://secunia.com/advisories/60869", - "http://secunia.com/advisories/61411", - "http://www.debian.org/security/2014/dsa-3015", - "http://www.debian.org/security/2014/dsa-3016", - "http://www.lua.org/bugs.html#5.2.2-1", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:144", - "http://www.openwall.com/lists/oss-security/2014/08/21/1", - "http://www.openwall.com/lists/oss-security/2014/08/21/4", - "http://www.openwall.com/lists/oss-security/2014/08/27/2", - "http://www.securityfocus.com/bid/69342", - "http://www.ubuntu.com/usn/USN-2338-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461", - "https://security.gentoo.org/glsa/201701-53", - "https://usn.ubuntu.com/usn/usn-2338-1" - ], - "PublishedDate": "2014-09-04T17:55:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17543", - "PkgName": "lz4", - "InstalledVersion": "1.7.5-3.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17543", - "Title": "lz4: heap-based buffer overflow in LZ4_write32", - "Description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", - "Severity": "LOW", - "CweIDs": [ - "CWE-120" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543", - "https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2", - "https://github.com/lz4/lz4/issues/801", - "https://github.com/lz4/lz4/pull/756", - "https://github.com/lz4/lz4/pull/760", - "https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316@%3Cissues.arrow.apache.org%3E", - "https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3@%3Cdev.arrow.apache.org%3E" - ], - "PublishedDate": "2019-10-14T02:15:00Z", - "LastModifiedDate": "2019-10-24T15:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, 
there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" - }, 
- { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484287", 
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - 
"nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-base", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10684", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10684", - "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", - "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10685", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10685", - "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", - "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-134" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-06-29T23:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17594", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594", - "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 4.6 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 5.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-26T15:35:00Z" 
- }, - { - "VulnerabilityID": "CVE-2019-17595", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595", - "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c", - "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 5.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html" - ], - "PublishedDate": "2019-10-14T21:15:00Z", - "LastModifiedDate": "2019-12-23T19:26:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11112", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11112", - "Title": "ncurses: Illegal address access in append_acs function", - "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11113", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11113", - "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", - "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-05-06T15:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13728", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13728", - "Title": "ncurses: Infinite loop in the next_char function", - "Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. 
A crafted input will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484274", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13729", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13729", - "Title": "ncurses: Illegal address access in the _nc_save_str function", - "Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. 
It will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13730", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13730", - "Title": "ncurses: Illegal address access in the function _nc_read_entry_source()", - "Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484284", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13731", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13731", - "Title": "ncurses: Illegal address access in the function postprocess_termcap()", - "Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484285", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13732", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13732", - "Title": "ncurses: Illegal address access in the function dump_uses()", - "Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - 
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13733", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13733", - "Title": "ncurses: Illegal address access in the function fmt_entry", - "Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484290", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13734", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13734", - "Title": "ncurses: Illegal address access in the function _nc_safe_strcat", - "Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.", - 
"Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1484291", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734", - "https://security.gentoo.org/glsa/201804-13" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-16879", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-16879", - "Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function", - "Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://invisible-island.net/ncurses/NEWS.html#t20171125", - "http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879", - "https://security.gentoo.org/glsa/201804-13", - "https://tools.cisco.com/security/center/viewAlert.x?alertId=57695" - ], - "PublishedDate": 
"2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-10-21T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19211", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19211", - "Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c", - "Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643754", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-23T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-19217", - "PkgName": "ncurses-libs", - "InstalledVersion": "5.9-14.20130511.el7_4", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-19217", - "Title": "ncurses: Null pointer dereference at function _nc_name_match", - "Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 6.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 4.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1643753", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217" - ], - "PublishedDate": "2018-11-12T19:29:00Z", - "LastModifiedDate": "2019-04-18T16:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1951", - "PkgName": "nspr", - "InstalledVersion": "4.21.0-1.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1951", - "Title": "nspr: Memory allocation issue related to PR_*printf functions", - "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", - "V2Score": 7.5, - "V3Score": 8.6 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - } - }, - "References": [ - "http://www.securityfocus.com/bid/92385", - "http://www.securitytracker.com/id/1036590", - "http://www.ubuntu.com/usn/USN-3023-1", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", - 
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", - "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", - "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2", - "https://usn.ubuntu.com/usn/usn-3023-1", - "https://usn.ubuntu.com/usn/usn-3028-1" - ], - "PublishedDate": "2016-08-07T19:59:00Z", - "LastModifiedDate": "2016-11-28T20:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 
stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss", - "InstalledVersion": 
"3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { - 
"V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - "Title": "nss: 
Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - 
"PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter validation in 
ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - 
"DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may 
trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic 
functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2613", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2613", - "Title": "NSS / JCE: missing EC parameter 
validation in ECDH_Derive() (OpenJDK JCE, 8075833)", - "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - } - }, - "References": [ - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1485.html", - "http://rhn.redhat.com/errata/RHSA-2015-1488.html", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA", - "http://www.securityfocus.com/bid/75871", - "http://www.securitytracker.com/id/1032910", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139", - "https://security.gentoo.org/glsa/201603-11", - "https://security.gentoo.org/glsa/201603-14", - "https://usn.ubuntu.com/usn/usn-2696-1" - ], - "PublishedDate": "2015-07-16T10:59:00Z", - "LastModifiedDate": "2018-01-05T02:30:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7781", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": 
"3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7781", - "Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)", - "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "http://www.securityfocus.com/bid/100383", - "http://www.securitytracker.com/id/1039124", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781", - "https://usn.ubuntu.com/usn/usn-3391-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781", - "https://www.mozilla.org/security/advisories/mfsa2017-18/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "FixedVersion": "3.44.0-8.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or 
malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-1938", - "PkgName": "nss-softokn-freebl", - "InstalledVersion": "3.44.0-5.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1938", - "Title": "Mozilla NSS: Errors 
in mp_div and mp_exptmod cryptographic functions", - "Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.", - "Severity": "LOW", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V2Score": 6.4, - "V3Score": 6.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "V2Score": 2.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html", - "http://www.debian.org/security/2016/dsa-3688", - "http://www.mozilla.org/security/announce/2016/mfsa2016-07.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.securityfocus.com/bid/81955", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1034825", - "http://www.ubuntu.com/usn/USN-2880-1", - "http://www.ubuntu.com/usn/USN-2880-2", - "http://www.ubuntu.com/usn/USN-2903-1", - "http://www.ubuntu.com/usn/USN-2903-2", - "http://www.ubuntu.com/usn/USN-2973-1", - "https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1190248", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1194947", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes", - "https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c", - 
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c", - "https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c", - "https://security.gentoo.org/glsa/201605-06", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-2880-1", - "https://usn.ubuntu.com/usn/usn-2903-1", - "https://usn.ubuntu.com/usn/usn-2973-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/" - ], - "PublishedDate": "2016-01-31T18:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" 
vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-sysinit", - 
"InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": 
{ - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - 
"PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-sysinit", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability 
in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - 
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2183", - "PkgName": "nss-tools", - "InstalledVersion": 
"3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2183", - "Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", - "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", - "http://linux.oracle.com/cve/CVE-2016-2183.html", - "http://linux.oracle.com/errata/ELSA-2018-2123.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", - "http://rhn.redhat.com/errata/RHSA-2017-0336.html", - "http://rhn.redhat.com/errata/RHSA-2017-0337.html", - "http://rhn.redhat.com/errata/RHSA-2017-0338.html", - "http://rhn.redhat.com/errata/RHSA-2017-0462.html", - "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697", - "http://www-01.ibm.com/support/docview.wss?uid=swg21991482", - "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", - "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", - "http://www.securityfocus.com/bid/92630", - "http://www.securityfocus.com/bid/95568", - "http://www.securitytracker.com/id/1036696", - "http://www.splunk.com/view/SP-CAAAPSV", - "http://www.splunk.com/view/SP-CAAAPUE", - "https://access.redhat.com/articles/2548661", - "https://access.redhat.com/errata/RHSA-2016:1940", - "https://access.redhat.com/errata/RHSA-2017:1216", - "https://access.redhat.com/errata/RHSA-2017:2708", - "https://access.redhat.com/errata/RHSA-2017:2709", - "https://access.redhat.com/errata/RHSA-2017:2710", - "https://access.redhat.com/errata/RHSA-2017:3113", - "https://access.redhat.com/errata/RHSA-2017:3114", - "https://access.redhat.com/errata/RHSA-2017:3239", - "https://access.redhat.com/errata/RHSA-2017:3240", - "https://access.redhat.com/errata/RHSA-2018:2123", - "https://access.redhat.com/errata/RHSA-2019:1245", - "https://access.redhat.com/errata/RHSA-2019:2859", - "https://access.redhat.com/security/cve/cve-2016-2183", - "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/", - "https://bto.bluecoat.com/security-advisory/sa133", - "https://bugzilla.redhat.com/show_bug.cgi?id=1369383", - "https://community.qualys.com/thread/16555", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183", - "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us", - 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849", - "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171", - "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/", - "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/", - "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575", - "https://security-tracker.debian.org/tracker/CVE-2016-2183", - "https://security.gentoo.org/glsa/201612-16", - "https://security.gentoo.org/glsa/201701-65", - "https://security.gentoo.org/glsa/201707-01", - "https://security.netapp.com/advisory/ntap-20160915-0001/", - "https://security.netapp.com/advisory/ntap-20170119-0001/", - "https://sweet32.info/", - "https://twitter.com/symantec/status/768786631159603200", - "https://usn.ubuntu.com/usn/usn-3087-1", - 
"https://usn.ubuntu.com/usn/usn-3179-1", - "https://usn.ubuntu.com/usn/usn-3194-1", - "https://usn.ubuntu.com/usn/usn-3198-1", - "https://usn.ubuntu.com/usn/usn-3270-1", - "https://usn.ubuntu.com/usn/usn-3372-1", - "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html", - "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", - "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/", - "https://www.openssl.org/blog/blog/2016/08/24/sweet32/", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", - "https://www.sigsac.org/ccs/CCS2016/accepted-papers/", - "https://www.suse.com/security/cve/CVE-2016-2183.html", - "https://www.tenable.com/security/tns-2016-16", - "https://www.tenable.com/security/tns-2016-20", - "https://www.tenable.com/security/tns-2016-21", - "https://www.tenable.com/security/tns-2017-09", - "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue" - ], - "PublishedDate": "2016-09-01T00:59:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9074", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9074", - "Title": "nss: Insufficient timing side-channel resistance in divSpoiler", - "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. 
This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 4.3, - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/94341", - "http://www.securitytracker.com/id/1037298", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", - "https://security.gentoo.org/glsa/201701-15", - "https://security.gentoo.org/glsa/201701-46", - "https://usn.ubuntu.com/usn/usn-3163-1", - "https://www.debian.org/security/2016/dsa-3730", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", - "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-89/", - "https://www.mozilla.org/security/advisories/mfsa2016-90/", - "https://www.mozilla.org/security/advisories/mfsa2016-93/" - ], - "PublishedDate": "2018-06-11T21:29:00Z", - "LastModifiedDate": "2018-08-09T15:12:00Z" - }, - { - "VulnerabilityID": "CVE-2016-9574", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9574", - "Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA", - "Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-384" - ], - "CVSS": { - "nvd": { 
- "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.9 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1320695", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574" - ], - "PublishedDate": "2018-07-19T13:29:00Z", - "LastModifiedDate": "2019-10-09T23:20:00Z" - }, - { - "VulnerabilityID": "CVE-2018-18508", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18508", - "Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service", - "Description": "No description is available for this CVE.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-18508.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes", - "https://usn.ubuntu.com/usn/usn-3898-1", - "https://usn.ubuntu.com/usn/usn-3898-2" - ] - }, - { - "VulnerabilityID": "CVE-2019-11719", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11719", - 
"Title": "nss: Out-of-bounds read when importing curve25519 private key", - "Description": "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11719.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1540541", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "FixedVersion": "3.44.0-7.el7_7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11756", - 
"PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11756", - "Title": "nss: UAF in sftk_FreeSession due to improper refcounting", - "Description": "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox \u003c 71.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.1 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1508776", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11756", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756", - "https://www.mozilla.org/security/advisories/mfsa2019-36/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-13T18:02:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17006", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17006", - "Title": "nss: Check length of inputs for cryptographic primitives", - "Description": "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. 
The highest threat is to confidentiality and integrity of data as well as system availability.", - "Severity": "MEDIUM", - "CVSS": { - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", - "https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe", - "https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34", - "https://usn.ubuntu.com/usn/usn-4231-1" - ] - }, - { - "VulnerabilityID": "CVE-2019-11727", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11727", - "Title": "nss: PKCS#1 v1.5 signatures can be used for TLS 1.3", - "Description": "A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. 
This vulnerability affects Firefox \u003c 68.", - "Severity": "LOW", - "CweIDs": [ - "CWE-295" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V3Score": 3.4 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11727.html", - "http://linux.oracle.com/errata/ELSA-2019-1951.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1552208", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727", - "https://www.mozilla.org/security/advisories/mfsa2019-21/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-30T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-17023", - "PkgName": "nss-tools", - "InstalledVersion": "3.44.0-4.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17023", - "Title": "nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state", - "Description": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. 
This vulnerability affects Firefox \u003c 72.", - "Severity": "LOW", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://bugzilla.mozilla.org/show_bug.cgi?id=1590001", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes", - "https://usn.ubuntu.com/4234-1/", - "https://usn.ubuntu.com/usn/usn-4234-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023", - "https://www.mozilla.org/security/advisories/mfsa2020-01/" - ], - "PublishedDate": "2020-01-08T22:15:00Z", - "LastModifiedDate": "2020-01-13T19:43:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11745", - "PkgName": "nss-util", - "InstalledVersion": "3.44.0-3.el7", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11745", - "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate", - "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11745.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes", - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes", - "https://usn.ubuntu.com/4241-1/", - "https://usn.ubuntu.com/usn/usn-4203-1", - "https://usn.ubuntu.com/usn/usn-4203-2", - "https://usn.ubuntu.com/usn/usn-4216-1", - "https://usn.ubuntu.com/usn/usn-4216-2", - "https://usn.ubuntu.com/usn/usn-4241-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745", - "https://www.mozilla.org/security/advisories/mfsa2019-36/", - "https://www.mozilla.org/security/advisories/mfsa2019-37/", - "https://www.mozilla.org/security/advisories/mfsa2019-38/" - ], - "PublishedDate": "2020-01-08T20:15:00Z", - "LastModifiedDate": "2020-01-16T19:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-11729", - "PkgName": "nss-util", - "InstalledVersion": "3.44.0-3.el7", - "FixedVersion": "3.44.0-4.el7_7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11729", - "Title": "nss: Empty 
or malformed p256-ECDH public keys may trigger a segmentation fault", - "Description": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-11729.html", - "http://linux.oracle.com/errata/ELSA-2019-4190.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html", - "https://access.redhat.com/errata/RHSA-2019:1951", - "https://bugzilla.mozilla.org/show_bug.cgi?id=1515342", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", - "https://usn.ubuntu.com/usn/usn-4054-1", - "https://usn.ubuntu.com/usn/usn-4060-1", - "https://usn.ubuntu.com/usn/usn-4060-2", - "https://usn.ubuntu.com/usn/usn-4064-1", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729", - "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729", - "https://www.mozilla.org/security/advisories/mfsa2019-21/", - "https://www.mozilla.org/security/advisories/mfsa2019-22/", - "https://www.mozilla.org/security/advisories/mfsa2019-23/" - ], - "PublishedDate": "2019-07-23T14:15:00Z", - "LastModifiedDate": "2019-07-29T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-1546", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-1546", - "Title": "openldap: slapd crash in valueReturnFilter cleanup", - "Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html", - "http://secunia.com/advisories/62787", - "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073", - "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a", - "http://www.openldap.org/its/?findid=8046", - "http://www.openwall.com/lists/oss-security/2015/02/07/3", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/100938", - "https://support.apple.com/HT204659" - ], - "PublishedDate": "2015-02-12T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13057", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13057", - "Title": "openldap: Information disclosure issue in slapd component", - "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. 
When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 3.5, - "V3Score": 4.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9038", - "https://security.netapp.com/advisory/ntap-20190822-0004/", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/?findid=9038", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-08-19T01:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13565", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13565", - "Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently", - "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. 
When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-287" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "V3Score": 7.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", - "https://openldap.org/its/?findid=9052", - "https://usn.ubuntu.com/4078-1/", - "https://usn.ubuntu.com/4078-2/", - "https://usn.ubuntu.com/usn/usn-4078-1", - "https://usn.ubuntu.com/usn/usn-4078-2", - "https://www.openldap.org/its/index.cgi/?findid=9052", - "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html" - ], - "PublishedDate": "2019-07-26T13:15:00Z", - "LastModifiedDate": "2019-09-24T00:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-4984", - "PkgName": "openldap", - "InstalledVersion": "2.4.44-21.el7_6", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-4984", - "Title": "openldap-servers: 
/usr/libexec/openldap/generate-server-cert.sh create world readable password file", - "Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 2.7 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1346120" - ], - "PublishedDate": "2017-07-17T13:18:00Z", - "LastModifiedDate": "2019-04-22T17:48:00Z" - }, - { - "VulnerabilityID": "CVE-2015-2808", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-2808", - "Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher", - "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - 
"V2Score": 4.3 - } - }, - "References": [ - "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", - "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", - "http://linux.oracle.com/cve/CVE-2015-2808.html", - "http://linux.oracle.com/errata/ELSA-2015-1526.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", - "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", - "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", - "http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2", - 
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2", - "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2", - "http://rhn.redhat.com/errata/RHSA-2015-1006.html", - "http://rhn.redhat.com/errata/RHSA-2015-1007.html", - "http://rhn.redhat.com/errata/RHSA-2015-1020.html", - "http://rhn.redhat.com/errata/RHSA-2015-1021.html", - "http://rhn.redhat.com/errata/RHSA-2015-1091.html", - "http://rhn.redhat.com/errata/RHSA-2015-1228.html", - "http://rhn.redhat.com/errata/RHSA-2015-1229.html", - "http://rhn.redhat.com/errata/RHSA-2015-1230.html", - "http://rhn.redhat.com/errata/RHSA-2015-1241.html", - "http://rhn.redhat.com/errata/RHSA-2015-1242.html", - "http://rhn.redhat.com/errata/RHSA-2015-1243.html", - "http://rhn.redhat.com/errata/RHSA-2015-1526.html", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888", - "http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892", - "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", - "http://www-304.ibm.com/support/docview.wss?uid=swg21903565", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960015", - "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", - "http://www.debian.org/security/2015/dsa-3316", - "http://www.debian.org/security/2015/dsa-3339", - "http://www.huawei.com/en/psirt/security-advisories/hw-454055", - "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", - "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", - "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "http://www.securityfocus.com/bid/73684", - "http://www.securityfocus.com/bid/91787", - "http://www.securitytracker.com/id/1032599", - "http://www.securitytracker.com/id/1032600", - "http://www.securitytracker.com/id/1032707", - "http://www.securitytracker.com/id/1032708", - "http://www.securitytracker.com/id/1032734", - "http://www.securitytracker.com/id/1032788", - "http://www.securitytracker.com/id/1032858", - "http://www.securitytracker.com/id/1032868", - "http://www.securitytracker.com/id/1032910", - "http://www.securitytracker.com/id/1032990", - "http://www.securitytracker.com/id/1033071", - "http://www.securitytracker.com/id/1033072", - "http://www.securitytracker.com/id/1033386", - "http://www.securitytracker.com/id/1033415", - "http://www.securitytracker.com/id/1033431", - "http://www.securitytracker.com/id/1033432", - "http://www.securitytracker.com/id/1033737", - "http://www.securitytracker.com/id/1033769", - "http://www.securitytracker.com/id/1036222", - "http://www.ubuntu.com/usn/USN-2696-1", - "http://www.ubuntu.com/usn/USN-2706-1", - "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808", - "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256", - "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - 
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650", - "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "https://kb.juniper.net/JSA10783", - "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163", - "https://security.gentoo.org/glsa/201512-10", - "https://usn.ubuntu.com/usn/usn-2696-1", - "https://usn.ubuntu.com/usn/usn-2706-1", - "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709", - "https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf" - ], - "PublishedDate": "2015-04-01T02:00:00Z", - "LastModifiedDate": "2018-01-18T18:18:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1547", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1547", - "Title": "openssl: side-channel weak encryption vulnerability", - "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. 
If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://arxiv.org/abs/1909.01785", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-0735", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-0735", - "Title": 
"openssl: timing side channel attack in the ECDSA signature generation", - "Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", - "Severity": "LOW", - "CweIDs": [ - "CWE-320" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.1 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-0735.html", - "http://linux.oracle.com/errata/ELSA-2019-3700.html", - "http://www.securityfocus.com/bid/105750", - "http://www.securitytracker.com/id/1041986", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", - "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", - "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "https://security.netapp.com/advisory/ntap-20181105-0002/", - "https://usn.ubuntu.com/3840-1/", - "https://usn.ubuntu.com/usn/usn-3840-1", - "https://www.debian.org/security/2018/dsa-4348", - "https://www.openssl.org/news/secadv/20181029.txt", - "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", - "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" - ], - "PublishedDate": "2018-10-29T13:29:00Z", - "LastModifiedDate": "2019-07-23T23:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgName": 
"openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.openssl.org/news/secadv/20191206.txt", - 
"https://www.tenable.com/security/tns-2019-09" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2019-12-25T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1563", - "PkgName": "openssl-libs", - "InstalledVersion": "1:1.0.2k-19.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", - "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey", - "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).", - "Severity": "LOW", - "CweIDs": [ - "CWE-311" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 3.7 - } - }, - "References": [ - "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f", - "https://seclists.org/bugtraq/2019/Sep/25", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://www.openssl.org/news/secadv/20190910.txt" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2019-09-12T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8380", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8380", - "Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)", - "Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - 
"V2Score": 5 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/77695", - "https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1637", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8387", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8387", - "Title": "pcre: Integer overflow in subroutine calls (8.38/8)", - "Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8390", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8390", - "Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)", - "Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - 
"VulnerabilityID": "CVE-2015-8393", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8393", - "Title": "pcre: pcregrep -q is not always quiet (8.38/28)", - "Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8394", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8394", - "Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)", - "Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) 
conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-189" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/82990", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", - "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", - "https://security.gentoo.org/glsa/201607-02", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6004", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6004", - "Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", - "Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96295", - "http://www.securitytracker.com/id/1037850", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://bugs.exim.org/show_bug.cgi?id=2035", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", - "https://security.gentoo.org/glsa/201706-11", - "https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch" - ], - "PublishedDate": "2017-02-16T11:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7186", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7186", - "Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", - "Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97030", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/", - "https://bugs.exim.org/show_bug.cgi?id=2052", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", - 
"https://security.gentoo.org/glsa/201710-09", - "https://security.gentoo.org/glsa/201710-25", - "https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date", - "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date" - ], - "PublishedDate": "2017-03-20T00:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2015-8382", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8382", - "Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)", - "Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P", - "V2Score": 6.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 1.9 - } - }, - "References": [ - "http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834", - "http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup", - "http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510", - 
"http://www.openwall.com/lists/oss-security/2015/08/04/2", - "http://www.openwall.com/lists/oss-security/2015/08/04/3", - "http://www.openwall.com/lists/oss-security/2015/11/29/1", - "http://www.securityfocus.com/bid/76157", - "https://bto.bluecoat.com/security-advisory/sa128", - "https://bugs.exim.org/show_bug.cgi?id=1537", - "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", - "https://usn.ubuntu.com/usn/usn-2943-1" - ], - "PublishedDate": "2015-12-02T01:59:00Z", - "LastModifiedDate": "2016-12-28T02:59:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11164", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164", - "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c", - "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", - "Severity": "LOW", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 7.8, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/07/11/3", - "http://www.securityfocus.com/bid/99575", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" - ], - "PublishedDate": "2017-07-11T03:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7244", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7244", - "Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", - "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7245", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7245", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7246", - "PkgName": "pcre", - "InstalledVersion": "8.32-17.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7246", - "Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring", - "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.7 - } - }, - "References": [ - "http://www.securityfocus.com/bid/97067", - "https://access.redhat.com/errata/RHSA-2018:2486", - "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246", - "https://security.gentoo.org/glsa/201710-25" - ], - "PublishedDate": "2017-03-23T21:59:00Z", - "LastModifiedDate": "2018-08-17T10:29:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1121", - "PkgName": 
"procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121", - "Title": "procps-ng, procps: process hiding through race condition enumerating /proc", - "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", - "Severity": "LOW", - "CweIDs": [ - "CWE-362" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 4.3, - "V3Score": 5.9 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121", - "https://security.gentoo.org/glsa/201805-14", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-06-13T20:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1123", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", 
- "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1123", - "Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow", - "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", - "V3Score": 3.9 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://security.gentoo.org/glsa/201805-14", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.exploit-db.com/exploits/44806/", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1125", - "PkgName": "procps-ng", - "InstalledVersion": "3.3.10-26.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1125", - "Title": "procps-ng, procps: stack buffer overflow in pgrep", - "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow 
in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "V3Score": 4.4 - } - }, - "References": [ - "http://seclists.org/oss-sec/2018/q2/122", - "http://www.securityfocus.com/bid/104214", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125", - "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html", - "https://usn.ubuntu.com/3658-1/", - "https://usn.ubuntu.com/3658-3/", - "https://usn.ubuntu.com/usn/usn-3658-1", - "https://usn.ubuntu.com/usn/usn-3658-3", - "https://www.debian.org/security/2018/dsa-4208", - "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" - ], - "PublishedDate": "2018-05-23T14:29:00Z", - "LastModifiedDate": "2019-10-09T23:38:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", 
- "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - 
"Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - }, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1664", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1664", - "Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - } - 
}, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/nova/+bug/1100282", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1731-1", - "https://usn.ubuntu.com/usn/usn-1734-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-1665", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-1665", - "Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities", - "Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "V2Score": 5.8 - } - 
}, - "References": [ - "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "http://bugs.python.org/issue17239", - "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", - "http://rhn.redhat.com/errata/RHSA-2013-0657.html", - "http://rhn.redhat.com/errata/RHSA-2013-0658.html", - "http://rhn.redhat.com/errata/RHSA-2013-0670.html", - "http://ubuntu.com/usn/usn-1757-1", - "http://www.debian.org/security/2013/dsa-2634", - "http://www.openwall.com/lists/oss-security/2013/02/19/2", - "http://www.openwall.com/lists/oss-security/2013/02/19/4", - "https://bugs.launchpad.net/keystone/+bug/1100279", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665", - "https://usn.ubuntu.com/usn/usn-1730-1", - "https://usn.ubuntu.com/usn/usn-1757-1", - "https://www.djangoproject.com/weblog/2013/feb/19/security/" - ], - "PublishedDate": "2013-04-03T00:55:00Z", - "LastModifiedDate": "2013-05-15T03:35:00Z" - }, - { - "VulnerabilityID": "CVE-2013-7040", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7040", - "Title": "python: hash secret can be recovered remotely", - "Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-310" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V2Score": 4.3 - }, - "redhat": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - } - }, - "References": [ - "http://bugs.python.org/issue14621", - "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", - "http://www.openwall.com/lists/oss-security/2013/12/09/13", - "http://www.openwall.com/lists/oss-security/2013/12/09/3", - "http://www.securityfocus.com/bid/64194", - "https://support.apple.com/kb/HT205031" - ], - "PublishedDate": "2014-05-19T14:55:00Z", - "LastModifiedDate": "2019-10-25T11:53:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000158", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000158", - "Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow", - "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 8.1 - } - }, - "References": [ - "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", - "http://www.securitytracker.com/id/1039890", - "https://bugs.python.org/issue30657", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", - 
"https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html", - "https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", - "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", - "https://security.gentoo.org/glsa/201805-02", - "https://usn.ubuntu.com/usn/usn-3496-1", - "https://usn.ubuntu.com/usn/usn-3496-2", - "https://usn.ubuntu.com/usn/usn-3496-3", - "https://www.debian.org/security/2018/dsa-4307" - ], - "PublishedDate": "2017-11-17T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20852", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20852", - "Title": "python: Cookie domain check returns incorrect results", - "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. 
This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2018-20852.html", - "http://linux.oracle.com/errata/ELSA-2019-4884.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html", - "https://bugs.python.org/issue35121", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html", - "https://python-security.readthedocs.io/vuln/cookie-domain-check.html", - "https://usn.ubuntu.com/usn/usn-4127-1", - "https://usn.ubuntu.com/usn/usn-4127-2" - ], - "PublishedDate": "2019-07-13T21:15:00Z", - "LastModifiedDate": "2019-08-17T21:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16056", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16056", - "Title": "python: email.utils.parseaddr wrongly parses email addresses", - "Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugs.python.org/issue34155", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", - "https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html", - "https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-06T18:15:00Z", - "LastModifiedDate": "2019-09-11T05:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-16935", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16935", - "Title": "python: XSS vulnerability in the documentation XML-RPC server in server_title field", - "Description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. 
This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-79" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "V3Score": 6.1 - } - }, - "References": [ - "https://bugs.python.org/issue38243", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", - "https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897", - "https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213", - "https://github.com/python/cpython/pull/16373", - "https://security.netapp.com/advisory/ntap-20191017-0004/", - "https://usn.ubuntu.com/4151-1/", - "https://usn.ubuntu.com/4151-2/", - "https://usn.ubuntu.com/usn/usn-4151-1", - "https://usn.ubuntu.com/usn/usn-4151-2" - ], - "PublishedDate": "2019-09-28T02:15:00Z", - "LastModifiedDate": "2019-10-09T16:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-18348", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18348", - "Title": "python: CRLF injection via the host part of the url passed to urlopen()", - "Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. 
This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-74" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "https://bugs.python.org/issue30458#msg347282", - "https://bugzilla.redhat.com/show_bug.cgi?id=1727276", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/", - "https://security.netapp.com/advisory/ntap-20191107-0004/" - ], - "PublishedDate": "2019-10-23T17:15:00Z", - "LastModifiedDate": "2019-11-07T10:15:00Z" - }, - { - "VulnerabilityID": "CVE-2018-1000030", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000030", - "Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c", - "Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. 
For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119", - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "https://bugs.python.org/issue31530", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", - "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view", - "https://security.gentoo.org/glsa/201811-02", - "https://usn.ubuntu.com/3817-1/", - "https://usn.ubuntu.com/3817-2/", - "https://usn.ubuntu.com/usn/usn-3817-1", - "https://usn.ubuntu.com/usn/usn-3817-2", - "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0" - ], - "PublishedDate": "2018-02-08T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:32:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9674", - "PkgName": "python-libs", - "InstalledVersion": "2.7.5-86.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9674", - "Title": "python: Nested zip file (Zip bomb) vulnerability in 
Lib/zipfile.py", - "Description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", - "Severity": "LOW", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://bugs.python.org/issue36260", - "https://bugs.python.org/issue36462", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674", - "https://github.com/python/cpython/blob/master/Lib/zipfile.py", - "https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2", - "https://python-security.readthedocs.io/security.html#archives-and-zip-bomb", - "https://security.netapp.com/advisory/ntap-20200221-0003/", - "https://www.python.org/news/security/" - ], - "PublishedDate": "2020-02-04T15:15:00Z", - "LastModifiedDate": "2020-02-24T17:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-7091", - "PkgName": "readline", - "InstalledVersion": "6.2-11.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-7091", - "Title": "sudo: Possible info leak via INPUTRC", - "Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. 
A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 4.9, - "V3Score": 4.4 - }, - "redhat": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", - "V2Score": 3.6 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2016-7091.html", - "http://linux.oracle.com/errata/ELSA-2016-2593.html", - "http://www.securityfocus.com/bid/92615", - "https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html", - "https://rhn.redhat.com/errata/RHSA-2016-2593.html" - ], - "PublishedDate": "2016-12-22T21:59:00Z", - "LastModifiedDate": "2016-12-23T18:17:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-build-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-libs", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7500", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7500", - "Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation", - "Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. 
An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1450369", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500", - "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - ], - "PublishedDate": "2018-08-13T17:29:00Z", - "LastModifiedDate": "2019-10-09T23:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7501", - "PkgName": "rpm-python", - "InstalledVersion": "4.11.3-40.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7501", - "Title": "rpm: Following symlinks to files when installing packages allows privilege escalation", - "Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. 
An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 7.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1452133", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501", - "https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc", - "https://security.gentoo.org/glsa/201811-22" - ], - "PublishedDate": "2017-11-22T22:29:00Z", - "LastModifiedDate": "2018-11-29T11:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13734", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "FixedVersion": "3.7.17-8.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13734", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-787" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V2Score": 6.8 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://linux.oracle.com/cve/CVE-2019-13734.html", - "http://linux.oracle.com/errata/ELSA-2020-0273.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025466", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-5827", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5827", - "Title": "chromium-browser: out-of-bounds access in SQLite", - "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 8.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", - "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", - "https://crbug.com/952406", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-06-27T17:15:00Z", - "LastModifiedDate": "2019-07-25T04:15:00Z" - }, - { - "VulnerabilityID": "CVE-2015-7036", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7036", - "Title": "sqlite: arbitrary code execution on databases with malformed schema", - "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://support.apple.com/kb/HT204941", - "http://support.apple.com/kb/HT204942", - "http://zerodayinitiative.com/advisories/ZDI-15-570/", - "https://security.gentoo.org/glsa/201612-21" - ], - "PublishedDate": "2015-11-22T03:59:00Z", - "LastModifiedDate": "2017-07-01T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-7000", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7000", - "Title": "chromium-browser: pointer disclosure in sqlite", - "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. 
The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 8.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/98767", - "http://www.securityfocus.com/bid/99950", - "https://access.redhat.com/errata/RHSA-2017:1833", - "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", - "https://security.gentoo.org/glsa/201709-15", - "https://support.apple.com/HT207797", - "https://support.apple.com/HT207798", - "https://www.debian.org/security/2017/dsa-3926", - "https://www.sqlite.org/bindptr.html" - ], - "PublishedDate": "2018-04-03T06:29:00Z", - "LastModifiedDate": "2018-04-27T18:00:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13751", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13751", - "Title": "sqlite: fts3: improve detection of corrupted records", - "Description": "Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - 
"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025465", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13752", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13752", - "Title": "sqlite: fts3: improve shadow table corruption detection", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025470", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752", - 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-13753", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13753", - "Title": "sqlite: fts3: incorrectly removed corruption check", - "Description": "Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "V2Score": 4.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "V3Score": 6.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", - "https://access.redhat.com/errata/RHSA-2019:4238", - "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", - "https://crbug.com/1025471", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/" - ], - "PublishedDate": "2019-12-10T22:15:00Z", - "LastModifiedDate": "2019-12-16T12:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19603", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19603", - 
"Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS", - "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603", - "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", - "https://security.netapp.com/advisory/ntap-20191223-0001/", - "https://www.sqlite.org/" - ], - "PublishedDate": "2019-12-09T19:15:00Z", - "LastModifiedDate": "2020-02-03T14:22:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19645", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19645", - "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements", - "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-674" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645", - "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06", - "https://security.netapp.com/advisory/ntap-20191223-0001/" - ], - "PublishedDate": "2019-12-09T16:15:00Z", - "LastModifiedDate": "2019-12-23T05:15:00Z" - }, - { - 
"VulnerabilityID": "CVE-2019-19880", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19880", - "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c", - "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880", - "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", - "https://security.netapp.com/advisory/ntap-20200114-0001/" - ], - "PublishedDate": "2019-12-18T06:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19924", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19924", - "Title": "sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting", - "Description": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. 
This is caused by incorrect sqlite3WindowRewrite() error handling.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "V3Score": 5.3 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924", - "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", - "https://security.netapp.com/advisory/ntap-20200114-0003/" - ], - "PublishedDate": "2019-12-24T16:15:00Z", - "LastModifiedDate": "2020-01-14T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20218", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20218", - "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error", - "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-755" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218", - "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387" - ], - "PublishedDate": "2020-01-02T14:16:00Z", - "LastModifiedDate": "2020-01-16T20:35:00Z" - }, - { - "VulnerabilityID": "CVE-2019-8457", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8457", - 
"Title": "sqlite: heap out-of-bound read in function rtreenode()", - "Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V2Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/", - "https://security.netapp.com/advisory/ntap-20190606-0002/", - "https://usn.ubuntu.com/4004-1/", - "https://usn.ubuntu.com/4004-2/", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4004-1", - "https://usn.ubuntu.com/usn/usn-4004-2", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", - "https://www.sqlite.org/releaselog/3_28_0.html", - "https://www.sqlite.org/src/info/90acdbfce9c08858" - ], - "PublishedDate": "2019-05-30T16:29:00Z", - "LastModifiedDate": "2020-01-15T20:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6153", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6153", - "Title": "sqlite: Tempdir selection vulnerability", - 
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "V2Score": 4.6, - "V3Score": 5.9 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", - "V2Score": 1.2, - "V3Score": 2.2 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", - "http://www.openwall.com/lists/oss-security/2016/07/01/1", - "http://www.openwall.com/lists/oss-security/2016/07/01/2", - "http://www.securityfocus.com/bid/91546", - "http://www.sqlite.org/cgi/src/info/67985761aa93fb61", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2", - "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt", - "https://www.sqlite.org/releaselog/3_13_0.html", - "https://www.tenable.com/security/tns-2016-20" - ], - "PublishedDate": "2016-09-26T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-10989", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-10989", - "Title": "sqlite: Heap-buffer overflow in the getNodeSize function", - "Description": "The getNodeSize function in 
ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.", - "Severity": "LOW", - "CweIDs": [ - "CWE-125" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", - "V3Score": 3.6 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2", - "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "http://www.securityfocus.com/bid/99502", - "http://www.securitytracker.com/id/1039427", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://sqlite.org/src/info/66de6f4a", - "https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26", - "https://support.apple.com/HT208112", - "https://support.apple.com/HT208113", - "https://support.apple.com/HT208115", - "https://support.apple.com/HT208144", - "https://usn.ubuntu.com/4019-1/", - "https://usn.ubuntu.com/4019-2/", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-07-07T12:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2017-13685", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13685", - 
"Title": "sqlite: Local DoS via dump_callback function", - "Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V2Score": 4.3, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", - "http://www.securityfocus.com/bid/100521", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685", - "https://usn.ubuntu.com/usn/usn-4019-1", - "https://usn.ubuntu.com/usn/usn-4019-2" - ], - "PublishedDate": "2017-08-29T06:29:00Z", - "LastModifiedDate": "2017-08-31T01:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-15286", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-15286", - "Title": "sqlite: NULL pointer dereference in tableColumnList", - "Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://www.securityfocus.com/bid/101285", - 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286", - "https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md" - ], - "PublishedDate": "2017-10-12T08:29:00Z", - "LastModifiedDate": "2017-10-27T14:18:00Z" - }, - { - "VulnerabilityID": "CVE-2018-8740", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-8740", - "Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service", - "Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html", - "http://www.securityfocus.com/bid/103466", - "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964", - "https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740", - "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html", - "https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema", - "https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b" - ], - "PublishedDate": "2018-03-17T00:29:00Z", - "LastModifiedDate": "2019-05-22T03:29:00Z" - }, - { - "VulnerabilityID": "CVE-2019-19244", - "PkgName": "sqlite", - "InstalledVersion": "3.7.17-8.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19244", - "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage", - "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", - "Severity": "LOW", - "CweIDs": [ - "CWE-20" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244", - "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348", - "https://usn.ubuntu.com/4205-1/", - "https://usn.ubuntu.com/usn/usn-4205-1" - ], - "PublishedDate": "2019-11-25T20:15:00Z", - "LastModifiedDate": "2019-12-04T16:11:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - 
"http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", 
- "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, 
it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - 
"CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2013-4392", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392", - "Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", - "V2Score": 3.3 - } - }, - "References": [ - "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", - "http://www.openwall.com/lists/oss-security/2013/10/01/9", - "https://bugzilla.redhat.com/show_bug.cgi?id=859060" - ], - "PublishedDate": "2013-10-28T22:55:00Z", - "LastModifiedDate": "2013-12-08T06:00:00Z" - }, - { - "VulnerabilityID": "CVE-2017-18078", - "PkgName": 
"systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-18078", - "Title": "systemd: Unsafe handling of hard links allowing privilege escalation", - "Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-59" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.6, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "V3Score": 6.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html", - "http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html", - "http://www.openwall.com/lists/oss-security/2018/01/29/3", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078", - "https://github.com/systemd/systemd/issues/7736", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://www.exploit-db.com/exploits/43935/", - "https://www.openwall.com/lists/oss-security/2018/01/29/4" - ], - "PublishedDate": "2018-01-29T05:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2018-6954", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2018-6954", - "Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files", - "Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", - "Severity": "MEDIUM", - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V3Score": 7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954", - "https://github.com/systemd/systemd/issues/7986", - "https://usn.ubuntu.com/3816-1/", - "https://usn.ubuntu.com/3816-2/", - "https://usn.ubuntu.com/usn/usn-3816-1", - "https://usn.ubuntu.com/usn/usn-3816-2" - ], - "PublishedDate": "2018-02-13T20:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-3842", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3842", - "Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"", - "Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 4.4, - "V3Score": 7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "V3Score": 4.5 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html", - "http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842", - "https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/", - "https://usn.ubuntu.com/usn/usn-3938-1", - "https://www.exploit-db.com/exploits/46743/" - ], - "PublishedDate": "2019-04-09T21:29:00Z", - "LastModifiedDate": "2019-05-28T00:29:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6349", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6349", - "Title": "oci-register-machine: information exposure for docker containers", - "Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 2.1, - "V3Score": 3.3 - }, - "redhat": { - "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 1.9, - "V3Score": 4 - } - }, - "References": [ - "http://www.openwall.com/lists/oss-security/2016/07/26/9", - "http://www.openwall.com/lists/oss-security/2016/10/13/7", - "http://www.securityfocus.com/bid/92143", - "https://bugzilla.redhat.com/show_bug.cgi?id=1360634", - "https://github.com/projectatomic/oci-register-machine/pull/22" - ], - "PublishedDate": "2017-03-29T20:59:00Z", - "LastModifiedDate": "2017-04-06T13:33:00Z" - }, - { - "VulnerabilityID": "CVE-2019-20386", - "PkgName": "systemd-libs", - "InstalledVersion": "219-67.el7_7.1", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20386", - "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received", - "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. 
When executing the udevadm trigger command, a memory leak may occur.", - "Severity": "LOW", - "CweIDs": [ - "CWE-772" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "V3Score": 2.4 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386", - "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", - "https://security.netapp.com/advisory/ntap-20200210-0002/", - "https://usn.ubuntu.com/4269-1/", - "https://usn.ubuntu.com/usn/usn-4269-1" - ], - "PublishedDate": "2020-01-21T06:15:00Z", - "LastModifiedDate": "2020-02-10T11:15:00Z" - }, - { - "VulnerabilityID": "CVE-2016-6321", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-6321", - "Title": "tar: Bypassing the extract path name", - "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-22" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 5.1 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", - "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", - 
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", - "http://seclists.org/fulldisclosure/2016/Oct/102", - "http://seclists.org/fulldisclosure/2016/Oct/96", - "http://www.debian.org/security/2016/dsa-3702", - "http://www.securityfocus.com/bid/93937", - "http://www.ubuntu.com/usn/USN-3132-1", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", - "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt", - "https://usn.ubuntu.com/usn/usn-3132-1" - ], - "PublishedDate": "2016-12-09T22:59:00Z", - "LastModifiedDate": "2017-07-01T01:30:00Z" - }, - { - "VulnerabilityID": "CVE-2018-20482", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20482", - "Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c", - "Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", - "Severity": "LOW", - "CweIDs": [ - "CWE-835" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 1.9, - "V3Score": 4.7 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", - "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", - 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://www.securityfocus.com/bid/106354", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", - "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", - "https://news.ycombinator.com/item?id=18745431", - "https://security.gentoo.org/glsa/201903-05", - "https://twitter.com/thatcks/status/1076166645708668928", - "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" - ], - "PublishedDate": "2018-12-26T18:29:00Z", - "LastModifiedDate": "2019-10-03T00:03:00Z" - }, - { - "VulnerabilityID": "CVE-2019-9923", - "PkgName": "tar", - "InstalledVersion": "2:1.26-35.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9923", - "Title": "tar: null-pointer dereference in pax_decode_header in sparse.c", - "Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", - "Severity": "LOW", - "CweIDs": [ - "CWE-476" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V2Score": 5, - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", - "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", - "http://savannah.gnu.org/bugs/?55369", - "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" - ], - "PublishedDate": "2019-03-22T08:29:00Z", - "LastModifiedDate": "2019-04-24T19:02:00Z" - }, - { - "VulnerabilityID": "CVE-2014-9114", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": 
"sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2014-9114", - "Title": "util-linux: command injection flaw in blkid", - "Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-77" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V2Score": 6.2 - } - }, - "References": [ - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html", - "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html", - "http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html", - "http://www.openwall.com/lists/oss-security/2014/11/26/21", - "http://www.securityfocus.com/bid/71327", - "https://bugzilla.redhat.com/show_bug.cgi?id=1168485", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114", - "https://exchange.xforce.ibmcloud.com/vulnerabilities/98993", - "https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc", - "https://security.gentoo.org/glsa/201612-14" - ], - "PublishedDate": "2017-03-31T16:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2016-2779", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2779", - "Title": "util-linux: runuser tty hijack via TIOCSTI ioctl", - "Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", - "Severity": 
"MEDIUM", - "CweIDs": [ - "CWE-264" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.2, - "V3Score": 7.8 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "V2Score": 6.2, - "V3Score": 8.6 - } - }, - "References": [ - "http://marc.info/?l=util-linux-ng\u0026m=145694736107128\u0026w=2", - "http://www.openwall.com/lists/oss-security/2016/02/27/1", - "http://www.openwall.com/lists/oss-security/2016/02/27/2", - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" - ], - "PublishedDate": "2017-02-07T15:59:00Z", - "LastModifiedDate": "2019-01-04T14:14:00Z" - }, - { - "VulnerabilityID": "CVE-2015-5218", - "PkgName": "util-linux", - "InstalledVersion": "2.23.2-61.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5218", - "Title": "colcrt: global-buffer-overflow", - "Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.", - "Severity": "LOW", - "CweIDs": [ - "CWE-119" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", - "V2Score": 2.1 - }, - "redhat": { - "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "V2Score": 3.7 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html", - "http://www.spinics.net/lists/util-linux-ng/msg11873.html", - "https://bugzilla.redhat.com/show_bug.cgi?id=1259322", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218", - "https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8", - 
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec", - "https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes" - ], - "PublishedDate": "2015-11-09T16:59:00Z", - "LastModifiedDate": "2018-10-30T16:27:00Z" - }, - { - "VulnerabilityID": "CVE-2017-1000382", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-1000382", - "Title": "vim: Ignores umask when creating a swap file", - "Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://security.cucumberlinux.com/security/details.php?id=120", - "http://www.openwall.com/lists/oss-security/2017/10/31/1" - ], - "PublishedDate": "2017-10-31T20:29:00Z", - "LastModifiedDate": "2017-11-27T16:24:00Z" - }, - { - "VulnerabilityID": "CVE-2017-11109", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11109", - "Title": "vim: Use-after-free via crafted file", - "Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) 
file. NOTE: there might be a limited number of scenarios in which this has security relevance.", - "Severity": "LOW", - "CweIDs": [ - "CWE-416" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "V2Score": 6.8, - "V3Score": 7.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 3.3 - } - }, - "References": [ - "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html", - "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html", - "https://www.mail-archive.com/vim_dev@googlegroups.com/msg45274.html" - ], - "PublishedDate": "2017-07-08T17:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-17087", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17087", - "Title": "vim: Sets the group ownership of a .swp file to the editor's primary group", - "Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.", - "Severity": "LOW", - "CweIDs": [ - "CWE-200" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V2Score": 2.1, - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "V3Score": 5.5 - } - }, - "References": [ - "http://openwall.com/lists/oss-security/2017/11/27/2", - "http://security.cucumberlinux.com/security/details.php?id=166", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087", - "https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8", - "https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ", - "https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html" - ], - "PublishedDate": "2017-12-01T08:29:00Z", - "LastModifiedDate": "2019-08-03T13:15:00Z" - }, - { - "VulnerabilityID": "CVE-2017-5953", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-5953", - "Title": "vim: Tree length values not validated properly when handling a spell file", - "Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.debian.org/security/2017/dsa-3786", - "http://www.securityfocus.com/bid/96217", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953", - "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d", - "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", - "https://security.gentoo.org/glsa/201706-26", - "https://usn.ubuntu.com/4016-1/", - "https://usn.ubuntu.com/usn/usn-4016-1" - ], - 
"PublishedDate": "2017-02-10T07:59:00Z", - "LastModifiedDate": "2019-06-11T20:29:00Z" - }, - { - "VulnerabilityID": "CVE-2017-6350", - "PkgName": "vim-minimal", - "InstalledVersion": "2:7.4.629-6.el7", - "Layer": { - "DiffID": "sha256:4468e6d912c76d5b127f3554c3cd83b7dc07cce6107c6b916299ba76fa7d15ac" - }, - "SeveritySource": "redhat", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-6350", - "Title": "vim: Integer overflow at an unserialize_uep memory allocation site", - "Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.", - "Severity": "LOW", - "CweIDs": [ - "CWE-190" - ], - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "V2Score": 7.5, - "V3Score": 9.8 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "V3Score": 2.5 - } - }, - "References": [ - "http://www.securityfocus.com/bid/96448", - "http://www.securitytracker.com/id/1037949", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350", - "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75", - "https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q", - "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "https://security.gentoo.org/glsa/201706-26" - ], - "PublishedDate": "2017-02-27T07:59:00Z", - "LastModifiedDate": "2018-08-13T21:47:00Z" + "LastModifiedDate": "2021-05-26T12:15:00Z" } ] } diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index 896d442041..1877a29c4f 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden 
@@ -99,6 +99,7 @@ }, "References": [ "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html", + "https://access.redhat.com/security/cve/CVE-2019-18276", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276", "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff", "https://linux.oracle.com/cve/CVE-2019-18276.html", diff --git a/pkg/detector/ospkg/redhat/redhat.go b/pkg/detector/ospkg/redhat/redhat.go index 8b9eaf6998..cbe651fc38 100644 --- a/pkg/detector/ospkg/redhat/redhat.go +++ b/pkg/detector/ospkg/redhat/redhat.go @@ -1,6 +1,8 @@ package redhat import ( + "fmt" + "sort" "strings" "time" @@ -10,13 +12,30 @@ import ( "github.com/aquasecurity/fanal/analyzer/os" ftypes "github.com/aquasecurity/fanal/types" - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + ustrings "github.com/aquasecurity/trivy-db/pkg/utils/strings" + redhat "github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat-oval" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/scanner/utils" "github.com/aquasecurity/trivy/pkg/types" ) var ( + defaultContentSets = map[string][]string{ + "6": { + "rhel-6-server-rpms", + "rhel-6-server-extras-rpms", + }, + "7": { + "rhel-7-server-rpms", + "rhel-7-server-extras-rpms", + }, + "8": { + "rhel-8-for-x86_64-baseos-rpms", + "rhel-8-for-x86_64-appstream-rpms", + }, + } redhatEOLDates = map[string]time.Time{ "4": time.Date(2017, 5, 31, 23, 59, 59, 0, time.UTC), "5": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC), 
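Review bot: `defaultContentSets` in the `@@ -10,13 +12,30 @@` hunk of redhat.go has keys only for "6", "7" and "8", while `redhatEOLDates` just below it starts at "4", and the RHEL 8 entries name x86_64 repositories only. The lookup `defaultContentSets[osVer]` added later in this commit returns a nil slice for any other major version, so a package without build info would presumably be matched against no content set and report nothing, with no log line saying so; what `s.vs.Get` does with an empty list is not visible here. I would document the map with `// Fallback content sets used when a package carries no build info; versions not listed here get none.` and log the miss at the lookup, e.g. `log.Logger.Debugf("Red Hat: no default content sets for os version %s", osVer)`. The `var (` block continues past the end of the hunk.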
@@ -77,61 +96,98 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } - log.Logger.Debugf("redhat: os version: %s", osVer) - log.Logger.Debugf("redhat: the number of packages: %d", len(pkgs)) + log.Logger.Debugf("Red Hat: os version: %s", osVer) + log.Logger.Debugf("Red Hat: the number of packages: %d", len(pkgs)) var vulns []types.DetectedVulnerability for _, pkg := range pkgs { - if !s.isFromSupportedVendor(pkg) { + if !isFromSupportedVendor(pkg) { log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.Name) continue } - // For Red Hat Security Data API containing only source package names - pkgName := addModularNamespace(pkg.SrcName, pkg.Modularitylabel) - advisories, err := s.vs.Get(osVer, pkgName) + detectedVulns, err := s.detect(osVer, pkg) if err != nil { - return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err) + return nil, xerrors.Errorf("redhat vulnerability detection error: %w", err) + } + vulns = append(vulns, detectedVulns...) 
+ } + return vulns, nil +} + +func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVulnerability, error) { + // For Red Hat OVAL v2 containing only binary package names + pkgName := addModularNamespace(pkg.Name, pkg.Modularitylabel) + + var contentSets []string + var nvr string + if pkg.BuildInfo == nil { + contentSets = defaultContentSets[osVer] + } else { + contentSets = pkg.BuildInfo.ContentSets + nvr = fmt.Sprintf("%s-%s", pkg.BuildInfo.Nvr, pkg.BuildInfo.Arch) + } + + advisories, err := s.vs.Get(pkgName, contentSets, []string{nvr}) + if err != nil { + return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err) + } + + installed := utils.FormatVersion(pkg) + installedVersion := version.NewVersion(installed) + + uniqVulns := map[string]types.DetectedVulnerability{} + for _, adv := range advisories { + vulnID := adv.VulnerabilityID + vuln := types.DetectedVulnerability{ + VulnerabilityID: vulnID, + PkgName: pkg.Name, + InstalledVersion: utils.FormatVersion(pkg), + Layer: pkg.Layer, + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: adv.Severity.String(), + }, + Custom: adv.Custom, } - installed := utils.FormatVersion(pkg) - installedVersion := version.NewVersion(installed) - - for _, adv := range advisories { - if adv.FixedVersion != "" { - continue - } - vuln := types.DetectedVulnerability{ - VulnerabilityID: adv.VulnerabilityID, - PkgName: pkg.Name, - InstalledVersion: installed, - Layer: pkg.Layer, - Custom: adv.Custom, - } - vulns = append(vulns, vuln) + // unpatched vulnerabilities + if adv.FixedVersion == "" { + uniqVulns[vulnID] = vuln + continue } - // For Red Hat OVAL v2 containing only binary package names - pkgName = addModularNamespace(pkg.Name, pkg.Modularitylabel) - advisories, err = s.vs.Get(osVer, pkgName) - if err != nil { - return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err) - } + // patched vulnerabilities + fixedVersion := 
version.NewVersion(adv.FixedVersion) + if installedVersion.LessThan(fixedVersion) { + vuln.VendorIDs = adv.VendorIDs + vuln.FixedVersion = fixedVersion.String() - for _, adv := range advisories { - fixedVersion := version.NewVersion(adv.FixedVersion) - if installedVersion.LessThan(fixedVersion) { - vuln := types.DetectedVulnerability{ - VulnerabilityID: adv.VulnerabilityID, - PkgName: pkg.Name, - InstalledVersion: installed, - FixedVersion: fixedVersion.String(), - Layer: pkg.Layer, + if v, ok := uniqVulns[vulnID]; ok { + // In case two advisories resolve the same CVE-ID. + // e.g. The first fix might be incomplete. + v.VendorIDs = ustrings.Unique(append(v.VendorIDs, vuln.VendorIDs...)) + + // The newer fixed version should be taken. + if version.NewVersion(v.FixedVersion).LessThan(fixedVersion) { + v.FixedVersion = vuln.FixedVersion } - vulns = append(vulns, vuln) + uniqVulns[vulnID] = v + } else { + uniqVulns[vulnID] = vuln } } } + + var vulns []types.DetectedVulnerability + for _, vuln := range uniqVulns { + vulns = append(vulns, vuln) + } + + sort.Slice(vulns, func(i, j int) bool { + return vulns[i].VulnerabilityID < vulns[j].VulnerabilityID + }) + return vulns, nil } @@ -156,9 +212,9 @@ func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { return s.clock.Now().Before(eolDate) } -func (s *Scanner) isFromSupportedVendor(pkg ftypes.Package) bool { - for _, s := range excludedVendorsSuffix { - if strings.HasSuffix(pkg.Release, s) { +func isFromSupportedVendor(pkg ftypes.Package) bool { + for _, suffix := range excludedVendorsSuffix { + if strings.HasSuffix(pkg.Release, suffix) { return false } } diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go index 45cee25c7f..83b0a2c716 100644 --- a/pkg/detector/ospkg/redhat/redhat_test.go +++ b/pkg/detector/ospkg/redhat/redhat_test.go 
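Review bot: In `detect`, the unpatched branch `uniqVulns[vulnID] = vuln` overwrites whatever is already stored for that CVE, so if the advisories for one package contain both a fixed and an unfixed entry for the same ID, the reported `FixedVersion` and `VendorIDs` depend on the order in which `s.vs.Get` returns them; whether the database can return such a pair is not visible in this hunk. Guarding the assignment with `if _, ok := uniqVulns[vulnID]; !ok { uniqVulns[vulnID] = vuln }` keeps the fix information once it has been seen; if the unfixed entry is meant to win, a comment should say so. Two smaller points in the same function: the struct literal calls `utils.FormatVersion(pkg)` again although `installed` already holds that value (`InstalledVersion: installed,`), and when `pkg.BuildInfo` is nil the call passes `[]string{nvr}` holding one empty string rather than an empty list. The new `detect` has no doc comment; `// detect returns the vulnerabilities of a single package, de-duplicated and sorted by vulnerability ID.` would describe what the body does.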
@@ -1,23 +1,28 @@ package redhat_test import ( - "sort" + "os" "testing" "time" - "github.com/aquasecurity/trivy-db/pkg/db" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat" - + "github.com/stretchr/testify/require" fake "k8s.io/utils/clock/testing" ftypes "github.com/aquasecurity/fanal/types" - + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" + "github.com/aquasecurity/trivy/pkg/dbtest" + "github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat" + "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) +func TestMain(m *testing.M) { + log.InitLogger(false, false) + os.Exit(m.Run()) +} + func TestScanner_Detect(t *testing.T) { type args struct { osVer string @@ -28,11 +33,14 @@ func TestScanner_Detect(t *testing.T) { fixtures []string args args want []types.DetectedVulnerability - wantErr string + wantErr bool }{ { - name: "happy path: src pkg name is different from bin pkg name", - fixtures: []string{"testdata/fixtures/redhat.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/redhat.yaml", + "testdata/fixtures/cpe.yaml", + }, args: args{ osVer: "7.6", pkgs: []ftypes.Package{ @@ -49,6 +57,9 @@ func TestScanner_Detect(t *testing.T) { Layer: ftypes.Layer{ DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, + BuildInfo: &ftypes.BuildInfo{ + ContentSets: []string{"rhel-7-server-rpms"}, + }, }, }, }, 
@@ -57,23 +68,24 @@ func TestScanner_Detect(t *testing.T) { VulnerabilityID: "CVE-2017-5953", PkgName: "vim-minimal", InstalledVersion: "2:7.4.160-5.el7", - Layer: ftypes.Layer{ - DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityLow.String(), }, - }, - { - VulnerabilityID: "CVE-2017-6350", - PkgName: "vim-minimal", - InstalledVersion: "2:7.4.160-5.el7", Layer: ftypes.Layer{ DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, }, { VulnerabilityID: "CVE-2019-12735", + VendorIDs: []string{"RHSA-2019:1619"}, PkgName: "vim-minimal", InstalledVersion: "2:7.4.160-5.el7", FixedVersion: "2:7.4.160-6.el7_6", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityHigh.String(), + }, Layer: ftypes.Layer{ DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, @@ -81,10 +93,13 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "happy path: src pkg name is the same as bin pkg name", - fixtures: []string{"testdata/fixtures/redhat.yaml"}, + name: "happy path: multiple RHSA-IDs", + fixtures: []string{ + "testdata/fixtures/redhat.yaml", + "testdata/fixtures/cpe.yaml", + }, args: args{ - osVer: "7.3", + osVer: "7.5", pkgs: []ftypes.Package{ { Name: "nss", 
@@ -96,57 +111,117 @@ func TestScanner_Detect(t *testing.T) { SrcVersion: "3.36.0", SrcRelease: "7.4.160", SrcEpoch: 0, + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, + BuildInfo: &ftypes.BuildInfo{ + ContentSets: []string{"rhel-7-server-rpms"}, + }, }, }, }, want: []types.DetectedVulnerability{ { - VulnerabilityID: "CVE-2015-2808", + VulnerabilityID: "CVE-2019-17007", + VendorIDs: []string{"RHSA-2021:0876"}, PkgName: "nss", InstalledVersion: "3.36.0-7.1.el7_6", + FixedVersion: "3.36.0-9.el7_6", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityMedium.String(), + }, + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, }, { - VulnerabilityID: "CVE-2016-2183", + VulnerabilityID: "CVE-2020-12403", + VendorIDs: []string{"RHSA-2021:0538", "RHSA-2021:0876"}, PkgName: "nss", InstalledVersion: "3.36.0-7.1.el7_6", - }, - { - VulnerabilityID: "CVE-2018-12404", - PkgName: "nss", - InstalledVersion: "3.36.0-7.1.el7_6", - FixedVersion: "3.44.0-4.el7", + FixedVersion: "3.53.1-17.el7_3", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityHigh.String(), + }, + Layer: ftypes.Layer{ + DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", + }, }, }, }, { - name: "happy path: modular packages", - fixtures: []string{"testdata/fixtures/redhat.yaml"}, + name: "no build info", + fixtures: []string{ + "testdata/fixtures/redhat.yaml", + "testdata/fixtures/cpe.yaml", + }, + args: args{ + osVer: "8.3", + pkgs: []ftypes.Package{ + { + Name: "vim-minimal", + Version: "7.4.160", + Release: "5.el8", + Epoch: 2, + Arch: "x86_64", + }, + }, + }, + want: []types.DetectedVulnerability{ + { + VulnerabilityID: "CVE-2019-12735", + VendorIDs: []string{"RHSA-2019:1619"}, + PkgName: "vim-minimal", + InstalledVersion: "2:7.4.160-5.el8", + 
FixedVersion: "2:7.4.160-7.el8_7", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityMedium.String(), + }, + }, + }, + }, + { + name: "modular packages", + fixtures: []string{ + "testdata/fixtures/redhat.yaml", + "testdata/fixtures/cpe.yaml", + }, args: args{ osVer: "8.3", pkgs: []ftypes.Package{ { Name: "php", - Version: "7.2.24", + Version: "7.2.10", Release: "1.module_el8.2.0+313+b04d0a66", Arch: "x86_64", - Epoch: 0, SrcName: "php", - SrcVersion: "7.2.24", + SrcVersion: "7.2.10", SrcRelease: "1.module_el8.2.0+313+b04d0a66", - SrcEpoch: 0, Modularitylabel: "php:7.2:8020020200507003613:2c7ca891", Layer: ftypes.Layer{ DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524", }, + BuildInfo: &ftypes.BuildInfo{ + Nvr: "ubi8-init-container-8.0-7", + Arch: "x86_64", + }, }, }, }, want: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-11043", + VendorIDs: []string{"RHSA-2020:0322"}, PkgName: "php", - InstalledVersion: "7.2.24-1.module_el8.2.0+313+b04d0a66", - FixedVersion: "7.3.5-5.module+el8.1.0+4560+e0eee7d6", + InstalledVersion: "7.2.10-1.module_el8.2.0+313+b04d0a66", + FixedVersion: "7.2.11-1.1.module+el8.0.0+4664+17bd8d65", + SeveritySource: vulnerability.RedHat, + Vulnerability: dbTypes.Vulnerability{ + Severity: dbTypes.SeverityCritical.String(), + }, Layer: ftypes.Layer{ DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524", }, 
@@ -154,23 +229,17 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "happy path: packages from remi repository are skipped", - fixtures: []string{"testdata/fixtures/redhat.yaml"}, + name: "packages from remi repository are skipped", args: args{ osVer: "7.6", pkgs: []ftypes.Package{ { - Name: "php", - Version: "7.3.23", - Release: "1.el7.remi", - Arch: "x86_64", - Epoch: 0, - SrcName: "php", - SrcVersion: "7.3.23", - SrcRelease: "1.el7.remi", - SrcEpoch: 0, - Layer: ftypes.Layer{ - DiffID: "sha256:c27b3cf4d516baf5932d5df3a573c6a571ddace3ee2a577492292d2e849c112b", + Name: "php", + Version: "7.3.23", + Release: "1.el7.remi", + Arch: "x86_64", + BuildInfo: &ftypes.BuildInfo{ + ContentSets: []string{"rhel-7-server-rpms"}, }, }, }, @@ -178,38 +247,35 @@ func TestScanner_Detect(t *testing.T) { want: []types.DetectedVulnerability(nil), }, { - name: "invalid bucket", - fixtures: []string{"testdata/fixtures/invalid.yaml"}, + name: "broken value", + fixtures: []string{ + "testdata/fixtures/invalid-type.yaml", + "testdata/fixtures/cpe.yaml", + }, args: args{ - osVer: "6", + osVer: "7", pkgs: []ftypes.Package{ { - Name: "jq", - Version: "3.36.0", - SrcName: "jq", - SrcVersion: "3.36.0", + Name: "nss", + Version: "3.36.0", + Release: "7.1.el7_6", + Arch: "x86_64", + BuildInfo: &ftypes.BuildInfo{ + ContentSets: []string{"rhel-7-server-rpms"}, + }, }, }, }, - wantErr: "failed to get Red Hat advisories", + wantErr: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() + dbtest.InitDB(t, tt.fixtures) s := redhat.NewScanner() got, err := s.Detect(tt.args.osVer, tt.args.pkgs) - if tt.wantErr != "" { - require.Error(t, err) - assert.Contains(t, err.Error(), tt.wantErr) - return - } - sort.Slice(got, func(i, j int) bool { - return got[i].VulnerabilityID < got[j].VulnerabilityID - }) - assert.NoError(t, err) + require.Equal(t, tt.wantErr, err != nil, err) assert.Equal(t, tt.want, got) }) } 
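Review bot: In the `@@ -178,38 +247,35 @@` hunk of redhat_test.go, `wantErr` becomes a bool and the only check is `require.Equal(t, tt.wantErr, err != nil, err)`, so the "broken value" case passes on any error, not specifically the advisory decode failure it is named after. Keeping the field as a string and checking it with `assert.Contains(t, err.Error(), tt.wantErr)`, as the removed lines did, would pin the failure path. The hunk also drops `defer db.Close()`; unless `dbtest.InitDB` registers its own cleanup (not visible here), each subtest leaves its database open. `TestScanner_Detect` starts outside this hunk.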
diff --git a/pkg/detector/ospkg/redhat/testdata/fixtures/cpe.yaml b/pkg/detector/ospkg/redhat/testdata/fixtures/cpe.yaml new file mode 100644 index 0000000000..806e6ea625 --- /dev/null +++ b/pkg/detector/ospkg/redhat/testdata/fixtures/cpe.yaml @@ -0,0 +1,32 @@ +- bucket: Red Hat CPE + pairs: + - bucket: repository + pairs: + - key: "rhel-8-for-x86_64-baseos-rpms" + value: + - 2 + - 4 + - key: "3scale-amp-2-rpms-for-rhel-8-x86_64-debug-rpms" + value: + - 4 + - key: "rhel-7-server-rpms" + value: + - 0 + - bucket: nvr + pairs: + - key: "ubi8-init-container-8.0-7-x86_64" + value: + - 2 + - 3 + - bucket: cpe + pairs: + - key: "0" + value: "cpe:/o:redhat:enterprise_linux:7::server" + - key: "1" + value: "cpe:/o:redhat:enterprise_linux:7::client" + - key: "2" + value: "cpe:/a:redhat:enterprise_linux:8" + - key: "3" + value: "cpe:/a:redhat:enterprise_linux:8::appstream" + - key: "4" + value: "cpe:/o:redhat:enterprise_linux:8::baseos" diff --git a/pkg/detector/ospkg/redhat/testdata/fixtures/invalid-type.yaml b/pkg/detector/ospkg/redhat/testdata/fixtures/invalid-type.yaml new file mode 100644 index 0000000000..1c9ed1eeaa --- /dev/null +++ b/pkg/detector/ospkg/redhat/testdata/fixtures/invalid-type.yaml @@ -0,0 +1,7 @@ +- bucket: Red Hat + pairs: + - bucket: nss + pairs: + - key: RHSA-2021:0538 + value: + Entries: broken \ No newline at end of file diff --git a/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml b/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml index 65a5473265..df8d9e169c 100644 --- a/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml +++ b/pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml 
@@ -1,38 +1,77 @@ -- bucket: Red Hat Enterprise Linux 7 +- bucket: Red Hat pairs: - - bucket: php - pairs: - - key: CVE-2011-4718 - value: - FixedVersion: "" - - bucket: vim - pairs: - - key: CVE-2017-5953 - value: - FixedVersion: "" - - key: CVE-2017-6350 - value: - FixedVersion: "" - bucket: vim-minimal pairs: - - key: CVE-2019-12735 + - key: RHSA-2019:1619 value: - FixedVersion: "2:7.4.160-6.el7_6" + Entries: + - FixedVersion: 2:7.4.160-6.el7_6 + Affected: + - 0 + - 1 + Cves: + - ID: CVE-2019-12735 + Severity: 3 + - FixedVersion: 2:7.4.160-7.el8_7 + Affected: + - 2 + - 3 + Cves: + - ID: CVE-2019-12735 + Severity: 2 + - key: CVE-2017-5953 + value: + Entries: + - FixedVersion: "" + Affected: + - 0 + - 1 + Cves: + - Severity: 1 - bucket: nss pairs: - - key: CVE-2015-2808 + - key: RHSA-2021:0538 value: - FixedVersion: "" - - key: CVE-2016-2183 + Entries: + - FixedVersion: 0:3.53.1-17.el7_3 + Affected: + - 0 + - 1 + Cves: + - ID: CVE-2020-12403 + Severity: 3 + - key: RHSA-2021:0876 value: - FixedVersion: "" - - key: CVE-2018-12404 - value: - FixedVersion: "3.44.0-4.el7" -- bucket: Red Hat Enterprise Linux 8 - pairs: + Entries: + - FixedVersion: 0:3.36.0-9.el7_6 + Affected: + - 0 + - 1 + Cves: + - ID: CVE-2019-17007 + Severity: 2 + - ID: CVE-2020-12403 + Severity: 3 - bucket: "php:7.2::php" pairs: - - key: CVE-2019-11043 + - key: RHSA-2020:0322 value: - FixedVersion: "7.3.5-5.module+el8.1.0+4560+e0eee7d6" \ No newline at end of file + Entries: + - FixedVersion: "0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65" + Affected: + - 2 + - 3 + Cves: + - ID: CVE-2019-11043 + Severity: 4 + - bucket: php + pairs: + - key: CVE-2006-4023 + value: + Entries: + - FixedVersion: """ + Affected: + - 0 + - 1 + Cves: + - Severity: 1 diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go index 043a148019..86602b3f4b 100644 --- a/pkg/scanner/local/scan.go +++ b/pkg/scanner/local/scan.go 
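Review bot: The added `CVE-2006-4023` entry in the `php` bucket of redhat.yaml has `FixedVersion: """`, three double quotes where the other unfixed entry in this file (`CVE-2017-5953`) uses `""`. It looks like a typo, and a strict YAML parser would treat the third quote as the start of an unterminated string, so the line should probably read `- FixedVersion: ""`. None of the test cases visible in this diff appears to expect a result from the plain `php` bucket, so a broken or misread value here may go unnoticed.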
@@ -11,9 +11,7 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/fanal/analyzer" - _ "github.com/aquasecurity/fanal/analyzer/all" "github.com/aquasecurity/fanal/applier" - _ "github.com/aquasecurity/fanal/hook/all" ftypes "github.com/aquasecurity/fanal/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/detector/library" @@ -22,6 +20,9 @@ import ( "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/utils" + + _ "github.com/aquasecurity/fanal/analyzer/all" + _ "github.com/aquasecurity/fanal/hook/all" ) var (