Vulnerabilities scan with Trivy #916

Closed
opened 2026-02-04 23:20:04 +03:00 by OVERLORD · 1 comment
Originally created by @thelittlefireman on GitHub (Feb 2, 2021).

Hi,
Could it be possible to add a Trivy scan of the Docker image in CI?

The image based on Alpine is safe, but the one based on Debian (latest) contains lots of CVEs:

docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:alpine
docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:latest

Alpine result:

2021-02-02T15:58:43.847Z        INFO    Detecting Alpine vulnerabilities...
2021-02-02T15:58:43.852Z        INFO    Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:alpine (alpine 3.12.3)
=========================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Debian result:

2021-02-02T15:54:59.426Z	WARN	You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2021-02-02T15:55:02.257Z	INFO	Detecting Debian vulnerabilities...
2021-02-02T15:55:02.345Z	INFO	Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:latest (debian 10.7)
=======================================
Total: 291 (UNKNOWN: 4, LOW: 164, MEDIUM: 46, HIGH: 77, CRITICAL: 0)

+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
|       LIBRARY       |  VULNERABILITY ID   | SEVERITY |   INSTALLED VERSION   |   FIXED VERSION   |                            TITLE                             |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| apt                 | CVE-2011-3374       | LOW      | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| bash                | CVE-2019-18276      |          | 5.0-4                 |                   | bash: when effective UID is not                              |
|                     |                     |          |                       |                   | equal to its real UID the...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0841856-B18BAF |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| coreutils           | CVE-2016-2781       |          | 8.30-3                |                   | coreutils: Non-privileged                                    |
|                     |                     |          |                       |                   | session can escape to the                                    |
|                     |                     |          |                       |                   | parent session in chroot                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-18018      |          |                       |                   | coreutils: race condition                                    |
|                     |                     |          |                       |                   | vulnerability in chown and chgrp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| curl                | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gcc-8-base          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gpgv                | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1      |                   | gnupg2: OpenPGP Key Certification                            |
|                     |                     |          |                       |                   | Forgeries with SHA-1                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libapt-pkg5.0       | CVE-2011-3374       |          | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libc-bin            | CVE-2020-1751       | HIGH     | 2.28-10               |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc-dev-bin        | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6               | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6-dev           | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libcurl4            | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcc1             | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcrypt20         | CVE-2019-13627      | MEDIUM   | 1.8.4-5               |                   | libgcrypt: ECDSA timing attack                               |
|                     |                     |          |                       |                   | allowing private key leak                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13627                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-6829       | LOW      |                       |                   | libgcrypt: ElGamal implementation                            |
|                     |                     |          |                       |                   | doesn't have semantic security due                           |
|                     |                     |          |                       |                   | to incorrectly encoded plaintexts...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-6829                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgnutls-dane0     | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u5       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls-openssl27 | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls28-dev     | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls30         | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutlsxx28       | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libgssapi-krb5-2    | CVE-2004-0971       |          | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libidn2-0           | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1       |                   | GNU libidn2 before 2.2.0                                     |
|                     |                     |          |                       |                   | fails to perform the roundtrip                               |
|                     |                     |          |                       |                   | checks specified in...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12290                        |
+---------------------+                     +          +                       +-------------------+                                                              +
| libidn2-dev         |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libk5crypto3        | CVE-2004-0971       | LOW      | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5-3           | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5support0     | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libldap-2.4-2       | CVE-2020-36221      | HIGH     | 2.4.47+dfsg-3+deb10u4 |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libldap-common      | CVE-2020-36221      | HIGH     |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| liblz4-1            | CVE-2019-17543      |          | 1.8.3-1               |                   | lz4: heap-based buffer                                       |
|                     |                     |          |                       |                   | overflow in LZ4_write32                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17543                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libnghttp2-14       | TEMP-0000000-A4EF31 |          | 1.36.0-2+deb10u1      |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-A4EF31   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libp11-kit-dev      | CVE-2020-29361      | HIGH     | 0.23.15-2             | 0.23.15-2+deb10u1 | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+----------+                       +                   +--------------------------------------------------------------+
| libp11-kit0         | CVE-2020-29361      | HIGH     |                       |                   | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libpcre3            | CVE-2020-14155      |          | 2:8.39-12             |                   | pcre: integer overflow in libpcre                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14155                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-11164      | LOW      |                       |                   | pcre: OP_KETRMAX feature in the                              |
|                     |                     |          |                       |                   | match function in pcre_exec.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-11164                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-16231      |          |                       |                   | pcre: self-recursive call                                    |
|                     |                     |          |                       |                   | in match() in pcre_exec.c                                    |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7245       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7245                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7246       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7246                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20838      |          |                       |                   | pcre: buffer over-read in                                    |
|                     |                     |          |                       |                   | JIT when UTF is disabled                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20838                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libpq5              | CVE-2020-25694      | HIGH     | 11.9-0+deb10u1        |                   | postgresql: Reconnection                                     |
|                     |                     |          |                       |                   | can downgrade connection                                     |
|                     |                     |          |                       |                   | security settings                                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25695      |          |                       |                   | postgresql: Multiple                                         |
|                     |                     |          |                       |                   | features escape "security                                    |
|                     |                     |          |                       |                   | restricted operation" sandbox                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25695                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25696      |          |                       |                   | postgresql: psql's                                           |
|                     |                     |          |                       |                   | \gset allows overwriting                                     |
|                     |                     |          |                       |                   | specially treated variables                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25696                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9193       | LOW      |                       |                   | postgresql: Command injection via                            |
|                     |                     |          |                       |                   | "COPY TO/FROM PROGRAM" function                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9193                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libseccomp2         | CVE-2019-9893       |          | 2.3.3-4               |                   | libseccomp: incorrect generation                             |
|                     |                     |          |                       |                   | of syscall filters in libseccomp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9893                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libsqlite3-0        | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libssh2-1           | CVE-2019-13115      | HIGH     | 1.8.0-2.1             |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|                     |                     |          |                       |                   | in kex.c leads to out-of-bounds write                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13115                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-17498      | LOW      |                       |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | SSH_MSG_DISCONNECT logic in packet.c                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17498                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libssl1.1           | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libstdc++6          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libsystemd0         | CVE-2019-3843       |          | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libtasn1-6          | CVE-2018-1000654    |          | 4.13-3                |                   | libtasn1: Infinite loop in                                   |
|                     |                     |          |                       |                   | _asn1_expand_object_id(ptree)                                |
|                     |                     |          |                       |                   | leads to memory exhaustion                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1000654                      |
+---------------------+                     +          +                       +-------------------+                                                              +
| libtasn1-6-dev      |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libudev1            | CVE-2019-3843       | HIGH     | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libunbound8         | CVE-2020-28935      | MEDIUM   | 1.9.0-2+deb10u2       |                   | unbound: symbolic link                                       |
|                     |                     |          |                       |                   | traversal when writing PID file                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28935                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-18934      | LOW      |                       |                   | unbound: command injection with                              |
|                     |                     |          |                       |                   | data coming from a specially                                 |
|                     |                     |          |                       |                   | crafted IPSECKEY answer...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18934                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| linux-libc-dev      | CVE-2013-7445       | HIGH     | 4.19.160-2            |                   | kernel: memory exhaustion via                                |
|                     |                     |          |                       |                   | crafted Graphics Execution                                   |
|                     |                     |          |                       |                   | Manager (GEM) objects                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-7445                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19378      |          |                       |                   | kernel: out-of-bounds write in                               |
|                     |                     |          |                       |                   | index_rbio_pages in fs/btrfs/raid56.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19449      |          |                       |                   | kernel: mounting a crafted                                   |
|                     |                     |          |                       |                   | f2fs filesystem image can lead                               |
|                     |                     |          |                       |                   | to slab-out-of-bounds read...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19449                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19814      |          |                       |                   | kernel: out-of-bounds write                                  |
|                     |                     |          |                       |                   | in __remove_dirty_segment                                    |
|                     |                     |          |                       |                   | in fs/f2fs/segment.c                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19814                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11725      |          |                       |                   | kernel: improper handling of                                 |
|                     |                     |          |                       |                   | private_size*count multiplication                            |
|                     |                     |          |                       |                   | due to count=info->owner typo                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11725                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16119      |          |                       |                   | kernel: DCCP CCID structure                                  |
|                     |                     |          |                       |                   | use-after-free may lead to                                   |
|                     |                     |          |                       |                   | DoS or code execution...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16119                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27815      |          |                       | 4.19.171-2        | kernel: Array index out of                                   |
|                     |                     |          |                       |                   | bounds access when setting                                   |
|                     |                     |          |                       |                   | extended attributes on...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27815                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-28374      |          |                       |                   | kernel: SCSI target (LIO) write                              |
|                     |                     |          |                       |                   | to any block on ILO backstore                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29374      |          |                       |                   | kernel: the get_user_pages                                   |
|                     |                     |          |                       |                   | implementation when used for a                               |
|                     |                     |          |                       |                   | copy-on-write page does not...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29569      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29569                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29661      |          |                       |                   | kernel: locking issue in                                     |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c                                    |
|                     |                     |          |                       |                   | can lead to an use-after-free                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29661                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-3347       |          |                       |                   | kernel: Use after free                                       |
|                     |                     |          |                       |                   | via PI futex state                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3347                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-0630       | MEDIUM   |                       |                   | kernel: Information                                          |
|                     |                     |          |                       |                   | disclosure vulnerability                                     |
|                     |                     |          |                       |                   | in kernel trace subsystem                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-0630                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-3693       |          |                       |                   | Kernel: speculative                                          |
|                     |                     |          |                       |                   | bounds check bypass store                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-3693                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15213      |          |                       |                   | kernel: use-after-free caused                                |
|                     |                     |          |                       |                   | by malicious USB device in                                   |
|                     |                     |          |                       |                   | drivers/media/usb/dvb-usb/dvb-usb-init.c                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15213                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15794      |          |                       |                   | kernel: Overlayfs in the                                     |
|                     |                     |          |                       |                   | Linux kernel and shiftfs                                     |
|                     |                     |          |                       |                   | not restoring original...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16089      |          |                       |                   | kernel: Improper return check                                |
|                     |                     |          |                       |                   | in nbd_genl_status function                                  |
|                     |                     |          |                       |                   | in drivers/block/nbd.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16089                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20794      |          |                       |                   | kernel: task processes not                                   |
|                     |                     |          |                       |                   | being properly ended could                                   |
|                     |                     |          |                       |                   | lead to resource exhaustion...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-14304      |          |                       |                   | kernel: ethtool when reading                                 |
|                     |                     |          |                       |                   | eeprom of device could                                       |
|                     |                     |          |                       |                   | lead to memory leak...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14304                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15802      |          |                       |                   | hardware: BLURtooth: "Dual                                   |
|                     |                     |          |                       |                   | mode" hardware using CTKD are                                |
|                     |                     |          |                       |                   | vulnerable to key overwrite...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15802                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16120      |          |                       |                   | kernel: incorrect unprivileged                               |
|                     |                     |          |                       |                   | overlayfs permission checking may                            |
|                     |                     |          |                       |                   | lead to information disclosure                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16120                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-26541      |          |                       |                   | kernel: security bypass                                      |
|                     |                     |          |                       |                   | in certs/blacklist.c and                                     |
|                     |                     |          |                       |                   | certs/system_keyring.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-26541                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27820      |          |                       |                   | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in nouveau kernel module                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27820                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27825      |          |                       | 4.19.171-2        | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in the ftrace ring buffer                                    |
|                     |                     |          |                       |                   | resizing logic due to a...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27825                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-27830      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in in spk_ttyio_receive_buf2                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27830                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27835      |          |                       |                   | kernel: child process is able to                             |
|                     |                     |          |                       |                   | access parent mm through hfi dev...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27835                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29568      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29568                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29660      |          |                       |                   | kernel: locking inconsistency                                |
|                     |                     |          |                       |                   | in drivers/tty/tty_io.c and                                  |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c can                                |
|                     |                     |          |                       |                   | lead to a read-after-free...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29660                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-36158      |          |                       |                   | kernel: buffer overflow in                                   |
|                     |                     |          |                       |                   | mwifiex_cmd_802_11_ad_hoc_start function in                  |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/mwifiex/join.c                  |
|                     |                     |          |                       |                   | via a long SSID...                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36158                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-20177      |          |                       |                   | kernel: iptables string match                                |
|                     |                     |          |                       |                   | rule could result in kernel panic                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20177                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3348       |          |                       |                   | kernel: Use-after-free                                       |
|                     |                     |          |                       |                   | in ndb_queue_rq() in                                         |
|                     |                     |          |                       |                   | drivers/block/nbd.c                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3348                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2004-0230       | LOW      |                       |                   | TCP, when using a large Window                               |
|                     |                     |          |                       |                   | Size, makes it easier for remote...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0230                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2005-3660       |          |                       |                   | Linux kernel 2.4 and 2.6 allows                              |
|                     |                     |          |                       |                   | attackers to cause a denial of...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-3660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2007-3719       |          |                       |                   | kernel: secretly Monopolizing the                            |
|                     |                     |          |                       |                   | CPU Without Superuser Privileges                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-3719                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-2544       |          |                       |                   | kernel: mounting proc                                        |
|                     |                     |          |                       |                   | readonly on a different mount                                |
|                     |                     |          |                       |                   | point silently mounts it...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-2544                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-4609       |          |                       |                   | kernel: TCP protocol                                         |
|                     |                     |          |                       |                   | vulnerabilities from Outpost24                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-4609                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4563       |          |                       |                   | kernel: ipv6: sniffer detection                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4563                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-5321       |          |                       |                   | kernel: v4l: videobuf: hotfix a                              |
|                     |                     |          |                       |                   | bug on multiple calls to mmap()                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-5321                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4915       |          |                       |                   | fs/proc/base.c in the Linux                                  |
|                     |                     |          |                       |                   | kernel through 3.1 allows                                    |
|                     |                     |          |                       |                   | local users to obtain...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4915                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4917       |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4917                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2012-4542       |          |                       |                   | kernel: block: default SCSI                                  |
|                     |                     |          |                       |                   | command filter does not accomodate                           |
|                     |                     |          |                       |                   | commands overlap across...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2012-4542                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9892       |          |                       |                   | The snd_compr_tstamp function in                             |
|                     |                     |          |                       |                   | sound/core/compress_offload.c in                             |
|                     |                     |          |                       |                   | the Linux kernel through 4.7, as...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9892                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9900       |          |                       |                   | kernel: Info leak in uninitialized                           |
|                     |                     |          |                       |                   | structure ethtool_wolinfo                                    |
|                     |                     |          |                       |                   | in ethtool_get_wol()                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9900                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-2877       |          |                       |                   | Kernel: Cross-VM ASL                                         |
|                     |                     |          |                       |                   | INtrospection (CAIN)                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-2877                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10723      |          |                       |                   | ** DISPUTED ** An issue                                      |
|                     |                     |          |                       |                   | was discovered in the                                        |
|                     |                     |          |                       |                   | Linux kernel through...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10723                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-8660       |          |                       |                   | kernel: xfs: local DoS due to                                |
|                     |                     |          |                       |                   | a page lock order bug in...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-8660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13693      |          |                       |                   | kernel: ACPI operand                                         |
|                     |                     |          |                       |                   | cache leak in dsutils.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13693                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13694      |          |                       |                   | kernel: ACPI node and                                        |
|                     |                     |          |                       |                   | node_ext cache leak                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-1121       |          |                       |                   | procps-ng, procps: process                                   |
|                     |                     |          |                       |                   | hiding through race                                          |
|                     |                     |          |                       |                   | condition enumerating /proc                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1121                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-12928      |          |                       |                   | kernel: NULL pointer dereference                             |
|                     |                     |          |                       |                   | in hfs_ext_read_extent in hfs.ko                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12928                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-17977      |          |                       |                   | kernel: Mishandled interactions among                        |
|                     |                     |          |                       |                   | XFRM Netlink messages, IPPROTO_AH                            |
|                     |                     |          |                       |                   | packets, and IPPROTO_IP packets...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-17977                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-11191      |          |                       |                   | kernel: race condition in                                    |
|                     |                     |          |                       |                   | load_aout_binary() allows local                              |
|                     |                     |          |                       |                   | users to bypass ASLR on...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-11191                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12378      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip6_ra_control                                  |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12379      |          |                       |                   | kernel:  memory leak in                                      |
|                     |                     |          |                       |                   | con_insert_unipair in                                        |
|                     |                     |          |                       |                   | drivers/tty/vt/consolemap.c                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12379                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12380      |          |                       |                   | kernel: memory allocation                                    |
|                     |                     |          |                       |                   | failure in the efi subsystem                                 |
|                     |                     |          |                       |                   | leads to denial of...                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12380                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12381      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip_ra_control                                   |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12381                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12382      |          |                       |                   | kernel: unchecked kstrdup of                                 |
|                     |                     |          |                       |                   | fwstr in drm_load_edid_firmware                              |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12382                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12455      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in sunxi_divs_clk_setup in                                   |
|                     |                     |          |                       |                   | drivers/clk/sunxi/clk-sunxi.c                                |
|                     |                     |          |                       |                   | causing denial of service...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12455                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12456      |          |                       |                   | kernel: double fetch in the                                  |
|                     |                     |          |                       |                   | MPT3COMMAND case in _ctl_ioctl_main                          |
|                     |                     |          |                       |                   | in drivers/scsi/mpt3sas/mpt3sas_ctl.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12456                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12615      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in get_vdev_port_node_info                                   |
|                     |                     |          |                       |                   | in arch /sparc/kernel/mdesc.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12615                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16229      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16230      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/radeon/radeon_display.c                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16230                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16231      |          |                       |                   | kernel: null-pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/net/fjes/fjes_main.c                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16232      |          |                       |                   | kernel: null-pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/libertas/if_sdio.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16232                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16233      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/scsi/qla2xxx/qla_os.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16233                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16234      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/intel/iwlwifi/pcie/trans.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16234                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19064      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | fsl_lpspi_probe() function in                                |
|                     |                     |          |                       |                   | drivers/spi/spi-fsl-lpspi.c                                  |
|                     |                     |          |                       |                   | allows for...                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19064                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19070      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | spi_gpio_probe() function in                                 |
|                     |                     |          |                       |                   | drivers/spi/spi-gpio.c allows for...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19070                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19083      |          |                       |                   | kernel: memory leaks in                                      |
|                     |                     |          |                       |                   | *clock_source_create() functions                             |
|                     |                     |          |                       |                   | under drivers/gpu/drm/amd/display/dc                         |
|                     |                     |          |                       |                   | leads to DoS                                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19083                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3178       |          |                       | 4.19.171-1        | kernel: path traversal in                                    |
|                     |                     |          |                       |                   | fs/nfsd/nfs3xdr.c may lead to                                |
|                     |                     |          |                       |                   | Information Disclosure or RCE...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3178                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0000000-F7A20F |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-F7A20F   |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25670      | UNKNOWN  |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_bind()                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25670                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25671      |          |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25671                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25672      |          |                       |                   | kernel: memory leak                                          |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25672                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25673      |          |                       |                   | kernel: non-blocking socket                                  |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25673                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| login               | CVE-2007-5686       | LOW      | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| openssl             | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| passwd              | CVE-2007-5686       |          | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| perl-base           | CVE-2011-4116       |          | 5.28.1-6+deb10u1      |                   | perl: File::Temp insecure                                    |
|                     |                     |          |                       |                   | temporary file handling                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4116                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| sqlite3             | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| sysvinit-utils      | TEMP-0517018-A83CE6 |          | 2.93-8                |                   | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| tar                 | CVE-2005-2541       |          | 1.30+dfsg-6           |                   | Tar 1.15.1 does not                                          |
|                     |                     |          |                       |                   | properly warn the user when                                  |
|                     |                     |          |                       |                   | extracting setuid or...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-2541                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9923       |          |                       |                   | tar: null-pointer dereference                                |
|                     |                     |          |                       |                   | in pax_decode_header in sparse.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9923                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-20193      |          |                       |                   | tar: Memory leak in                                          |
|                     |                     |          |                       |                   | read_header() in list.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20193                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0290435-0B57B5 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+

CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libc6 | CVE-2020-1751 | HIGH | | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user | | 
| | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | 
CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libc6-dev | CVE-2020-1751 | HIGH | | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user 
| | | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | 
CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libcurl4 | CVE-2020-8169 | HIGH | 7.64.0-4+deb10u1 | | libcurl: partial password | | | | | | | leak over DNS on HTTP redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8177 | | | | curl: Incorrect argument | | | | | | 
| check can allow remote servers | | | | | | | to overwrite local files... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8177 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8231 | | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | `CURLOPT_CONNECT_ONLY` option set | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8231 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8285 | | | | curl: malicious FTP server can | | | | | | | trigger stack overflow when | | | | | | | CURLOPT_CHUNK_BGN_FUNCTION | | | | | | | is used... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8285 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8286 | | | | curl: inferior OCSP verification | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8286 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2020-8284 | LOW | | | curl: dangerous nature | | | | | | | of PASV command could | | | | | | | be used to make curl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8284 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | | | | | | | protection address in cfgexpand.c | | | | | | | and function.c leads to... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | | | | | | | produces repeated output | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgcrypt20 | CVE-2019-13627 | MEDIUM | 1.8.4-5 | | libgcrypt: ECDSA timing attack | | | | | | | allowing private key leak | | | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | | | | | | | doesn't have semantic security due | | | | | | | to incorrectly encoded plaintexts... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgnutls-dane0 | CVE-2020-24659 | HIGH | 3.6.7-4+deb10u5 | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls-openssl27 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | 
-->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls28-dev | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls30 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutlsxx28 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ 
+-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u1 | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | | | | | | | fails to perform the roundtrip | | | | | | | checks specified in... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | +---------------------+ + + +-------------------+ + | libidn2-dev | | | | | | | | | | | | | | | | | | | | | | | | | | | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u1 | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+ + +-------------------+--------------------------------------------------------------+ | libkrb5-3 | CVE-2004-0971 | | | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+ + +-------------------+--------------------------------------------------------------+ | libkrb5support0 | CVE-2004-0971 | | | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libldap-2.4-2 | 
CVE-2020-36221 | HIGH | 2.4.47+dfsg-3+deb10u4 | | openldap: Integer underflow | | | | | | | in serialNumberAndIssuerCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36221 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36222 | | | | openldap: Assertion failure in | | | | | | | slapd in the saslAuthzTo validation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36222 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36223 | | | | openldap: Out-of-bounds | | | | | | | read in Values Return Filter | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36223 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36224 | | | | openldap: Invalid pointer free | | | | | | | in the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36224 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36225 | | | | openldap: Double free in | | | | | | | the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36225 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36226 | | | | openldap: Denial of service | | | | | | | via length miscalculation | | | | | | | in slap_parse_user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36226 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36227 | | | | openldap: Infinite loop in slapd with | | | | | | | the cancel_extop Cancel operation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36227 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36228 | | | | openldap: 
Integer underflow | | | | | | | in issuerAndThisUpdateCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36229 | | | | openldap: Type confusion | | | | | | | in ad_keystring in ad.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36229 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36230 | | | | openldap: Assertion failure in | | | | | | | ber_next_element in decode.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36230 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2015-3276 | LOW | | | openldap: incorrect multi-keyword | | | | | | | mode cipherstring parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-14159 | | | | openldap: Privilege escalation | | | | | | | via PID file manipulation | | | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-17740 | | | | openldap: | | | | | | | contrib/slapd-modules/nops/nops.c | | | | | | | attempts to free stack buffer | | | | | | | allowing remote attackers to cause... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-7169 | | | | shadow-utils: newgidmap | | | | | | | allows unprivileged user to | | | | | | | drop supplementary groups | | | | | | | potentially allowing privilege... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19882 | | | | shadow-utils: local users can | | | | | | | obtain root access because setuid | | | | | | | programs are misconfigured... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0628843-DBAD28 | | | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u4 | | Dual_EC_DRBG: weak pseudo | | | | | | | random number generator | | | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-0928 | | | | openssl: RSA authentication weakness | | | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1551 | | | | openssl: Integer overflow in RSAZ | | | | | | | modular exponentiation on x86_64 | | | | | 
| | -->avd.aquasec.com/nvd/cve-2019-1551 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | | | | | | | sets insecure permissions for | | | | | | | the /var/log/btmp file,... | | | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-7169 | | | | shadow-utils: newgidmap | | | | | | | allows unprivileged user to | | | | | | | drop supplementary groups | | | | | | | potentially allowing privilege... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19882 | | | | shadow-utils: local users can | | | | | | | obtain root access because setuid | | | | | | | programs are misconfigured... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0628843-DBAD28 | | | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | perl-base | CVE-2011-4116 | | 5.28.1-6+deb10u1 | | perl: File::Temp insecure | | | | | | | temporary file handling | | | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | sqlite3 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandles certain SELECT | | | | | | | statements with a nonexistent | | | | | | | VIEW, leading to DoS... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | | | | | | | certain types of self-referential | | | | | | | views in conjunction with... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19924 | | | | sqlite: incorrect | | | | | | | sqlite3WindowRewrite() error | | | | | | | handling leads to mishandling | | | | | | | certain parser-tree rewriting | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-13631 | | | | sqlite: Virtual table can be | | | | | | | renamed into the name of one of... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19244 | LOW | | | sqlite: allows a crash | | | | | | | if a sub-select uses both | | | | | | | DISTINCT and window... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-11656 | | | | sqlite: use-after-free in the | | | | | | | ALTER TABLE implementation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | sysvinit-utils | TEMP-0517018-A83CE6 | | 2.93-8 | | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | tar | CVE-2005-2541 | | 1.30+dfsg-6 | | Tar 1.15.1 does not | | | | | | | properly warn the user when | | | | | | | extracting setuid or... 
| | | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9923 | | | | tar: null-pointer dereference | | | | | | | in pax_decode_header in sparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-20193 | | | | tar: Memory leak in | | | | | | | read_header() in list.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0290435-0B57B5 | | | | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ ```
OVERLORD added the better for forum label 2026-02-04 23:20:04 +03:00

@jjlin commented on GitHub (Feb 2, 2021):

This doesn't seem particularly valuable. Each bitwarden_rs image build generally uses the latest base image available and installs the latest packages available at that time, so that's pretty much the best that can be done, short of rebuilding the images on each base image update. This tool also has a ton of false positives...
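A triage sketch for the table format in the scan output above, added here as an example and not part of the original thread or the project's code: it parses Trivy's ASCII table, fills in the cells Trivy leaves blank when a value repeats, and separates findings that have a fixed package version from those that do not. The function names, the `MERGED` column choice, and the `(pkg)`/`(sev)`/`(ver)` placeholders are assumptions.

```python
from collections import Counter

COLS = ("library", "id", "severity", "installed", "fixed", "title")
MERGED = ("library", "severity", "installed")  # assumption: blank when same as row above

# Constructed sample: rows taken from the scan output above, borders shortened.
# (pkg)/(sev)/(ver) are placeholders: those cells for CVE-2021-3178 are not in the excerpt.
SAMPLE = """\
+---+---+---+---+---+---+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---+---+---+---+---+---+
| (pkg) | CVE-2021-3178 | (sev) | (ver) | 4.19.171-1 | kernel: path traversal in |
| | | | | | fs/nfsd/nfs3xdr.c may lead to |
+---+---+---+---+---+---+
| sqlite3 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandles certain SELECT |
+ +---+---+ +---+---+
| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via |
| | CVE-2019-19244 | LOW | | | sqlite: allows a crash |
+---+---+ +---+---+---+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | Tar 1.15.1 does not |
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
+---+---+---+---+---+---+
"""

def parse_trivy_table(text):
    """Turn the ASCII table into one dict per finding, filling merged cells."""
    rows, carry = [], {}
    for line in (l.strip() for l in text.splitlines()):
        if not line.startswith("|"):          # '+---+' border lines
            continue
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) != len(COLS) or cells[0] == "LIBRARY":
            continue
        rec = dict(zip(COLS, cells))
        if not rec["id"]:                     # wrapped title line of the previous finding
            if rows:
                rows[-1]["title"] += " " + rec["title"]
            continue
        for key in MERGED:                    # blank means "same as the row above"
            carry[key] = rec[key] or carry.get(key, "")
            rec[key] = carry[key]
        rows.append(rec)
    return rows

def fixable(rows):
    """Findings for which a fixed package version is listed."""
    return [r for r in rows if r["fixed"]]

def summary(rows):
    """Count findings by (severity, 'fixed' | 'unfixed')."""
    return Counter((r["severity"], "fixed" if r["fixed"] else "unfixed") for r in rows)
```

Trivy's own `--ignore-unfixed` option applies the same fixed-version filter at scan time.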

Reference: starred/vaultwarden#916