Docker-openldap: VULNERABILITYs in osixia/openldap:latest (debian 10.4), Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)

Created on 22 Nov 2020  ยท  2Comments  ยท  Source: osixia/docker-openldap

Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)

$ docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
osixia/openldap:latest (debian 10.4)

Most helpful comment

maxpeal@static:~$  docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
2020-11-22T02:54:21.792Z        DEBUG   Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2020-11-22T02:54:21.792Z        WARN    You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-11-22T02:54:21.793Z        DEBUG   cache dir:  /root/.cache/trivy
2020-11-22T02:54:21.793Z        DEBUG   DB update was skipped because DB is the latest
2020-11-22T02:54:21.793Z        DEBUG   DB Schema: 1, Type: 1, UpdatedAt: 2020-11-22 00:31:19.958804537 +0000 UTC, NextUpdate: 2020-11-22 12:31:19.958804137 +0000 UTC
2020-11-22T02:54:23.382Z        DEBUG   Vulnerability type:  [os library]
2020-11-22T02:54:23.601Z        DEBUG   Artifact ID: sha256:e55926b7c37760a8002c4fd597f1693c160fbd3fa70999d6a77b69a0ca355b3f
2020-11-22T02:54:23.601Z        DEBUG   Blob IDs: [sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74 sha256:03a9c9b54b49ac8fe7a500f1931b4baed25ed90a9376552f5319355268c0be7e sha256:bd056a92c4d64a942ec6dc69e86d3e50ccd71b2cee8f7f2b712f0f35b19ed109 sha256:5aed85da23adbed3149816aeadd210111107c512a4a41dbc745022f8d8dd5cd9 sha256:3a05bc4e8b1dd2b9630151d1459bb927430f50cb9881275eaafb97468b2abaeb sha256:afde22bc61207b0a36aa296355f36a8c5e500a9f6351c8056ff105476e668b0f sha256:a15f15357140962a58f8275dc980a6a16697c848dc68435fe8ce97bd489e8ee5 sha256:44a4bfda918abba4c19c3d4beb5d44db4876e4c7a233e57d5e5c48fa526c20cf sha256:52ae0430fc81e32eba354db8762e2e5d4d027b9eb4cf6c8006c49d2b6ef2a23c]
2020-11-22T02:54:23.605Z        INFO    Detecting Debian vulnerabilities...
2020-11-22T02:54:23.605Z        DEBUG   debian: os version: 10
2020-11-22T02:54:23.605Z        DEBUG   debian: the number of packages: 199

osixia/openldap:latest (debian 10.4)
====================================
Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)

+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
|       LIBRARY        |  VULNERABILITY ID   | SEVERITY |      INSTALLED VERSION       |        FIXED VERSION         |               TITLE                |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| apt                  | CVE-2011-3374       | LOW      | 1.8.2.1                      |                              | It was found that apt-key          |
|                      |                     |          |                              |                              | in apt, all versions, do not       |
|                      |                     |          |                              |                              | correctly...                       |
+----------------------+                     +          +                              +------------------------------+                                    +
| apt-transport-https  |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| apt-utils            |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| bash                 | CVE-2019-18276      |          | 5.0-4                        |                              | bash: when effective UID is        |
|                      |                     |          |                              |                              | not equal to its real UID          |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0841856-B18BAF |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| bind9-host           | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| coreutils            | CVE-2016-2781       | LOW      | 8.30-3                       |                              | coreutils: Non-privileged          |
|                      |                     |          |                              |                              | session can escape to the          |
|                      |                     |          |                              |                              | parent session in chroot           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-18018      |          |                              |                              | coreutils: race condition          |
|                      |                     |          |                              |                              | vulnerability in chown and         |
|                      |                     |          |                              |                              | chgrp                              |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| dirmngr              | CVE-2019-14855      |          | 2.2.12-1+deb10u1             |                              | gnupg2: OpenPGP Key                |
|                      |                     |          |                              |                              | Certification Forgeries with       |
|                      |                     |          |                              |                              | SHA-1                              |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gcc-8-base           | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gnupg                | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1             |                              | gnupg2: OpenPGP Key                |
|                      |                     |          |                              |                              | Certification Forgeries with       |
|                      |                     |          |                              |                              | SHA-1                              |
+----------------------+                     +          +                              +------------------------------+                                    +
| gnupg-l10n           |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gnupg-utils          |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg                  |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-agent            |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-wks-client       |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-wks-server       |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgconf              |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgsm                |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgv                 |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| iproute2             | CVE-2019-20795      | MEDIUM   | 4.20.0-2                     |                              | iproute: use-after-free in         |
|                      |                     |          |                              |                              | get_netnsid_from_name in           |
|                      |                     |          |                              |                              | ip/ipnetns.c                       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| krb5-kdc             | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| krb5-kdc-ldap        | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| krb5-user            | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| ldap-utils           | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libapt-inst2.0       | CVE-2011-3374       |          | 1.8.2.1                      |                              | It was found that apt-key          |
|                      |                     |          |                              |                              | in apt, all versions, do not       |
|                      |                     |          |                              |                              | correctly...                       |
+----------------------+                     +          +                              +------------------------------+                                    +
| libapt-pkg5.0        |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libasn1-8-heimdal    | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libbind9-161         | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libc-bin             | CVE-2020-1751       | HIGH     | 2.28-10                      |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libc-l10n            | CVE-2020-1751       | HIGH     |                              |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libc6                | CVE-2020-1751       | HIGH     |                              |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libdns1104           | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libexpat1            | CVE-2013-0340       | LOW      | 2.2.6-2+deb10u1              |                              | expat: internal entity             |
|                      |                     |          |                              |                              | expansion                          |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcc1              | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcrypt20          | CVE-2019-12904      | MEDIUM   | 1.8.4-5                      |                              | Libgcrypt: physical addresses      |
|                      |                     |          |                              |                              | being available to other           |
|                      |                     |          |                              |                              | processes leads to a               |
|                      |                     |          |                              |                              | flush-and-reload...                |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-13627      |          |                              |                              | libgcrypt: ECDSA timing attack     |
|                      |                     |          |                              |                              | allowing private key leak          |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2018-6829       | LOW      |                              |                              | libgcrypt: ElGamal                 |
|                      |                     |          |                              |                              | implementation doesn't             |
|                      |                     |          |                              |                              | have semantic security             |
|                      |                     |          |                              |                              | due to incorrectly encoded         |
|                      |                     |          |                              |                              | plaintexts...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgnutls30          | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u4              |                              | gnutls: Heap buffer                |
|                      |                     |          |                              |                              | overflow in handshake with         |
|                      |                     |          |                              |                              | no_renegotiation alert sent        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-3389       | LOW      |                              |                              | HTTPS: block-wise                  |
|                      |                     |          |                              |                              | chosen-plaintext attack            |
|                      |                     |          |                              |                              | against SSL/TLS (BEAST)            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgssapi-krb5-2     | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libgssrpc4           | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libhcrypto4-heimdal  | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+                     +          +                              +------------------------------+                                    +
| libhdb9-heimdal      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| libheimbase1-heimdal |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| libhx509-5-heimdal   |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libidn2-0            | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1              |                              | GNU libidn2 before 2.2.0           |
|                      |                     |          |                              |                              | fails to perform the roundtrip     |
|                      |                     |          |                              |                              | checks specified in...             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libisc1100           | CVE-2020-8623       |          | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+                              +                              +------------------------------------+
| libisccc161          | CVE-2020-8623       | HIGH     |                              |                              | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+                              +                              +------------------------------------+
| libisccfg163         | CVE-2020-8623       | HIGH     |                              |                              | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libjson-c3           | CVE-2020-12762      | HIGH     | 0.12.1+ds-2                  | 0.12.1+ds-2+deb10u1          | json-c: integer overflow and       |
|                      |                     |          |                              |                              | out-of-bounds write via a          |
|                      |                     |          |                              |                              | large JSON file                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libk5crypto3         | CVE-2020-28196      |          | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkadm5clnt-mit11   | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkadm5srv-mit11    | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkadm5srv8-heimdal | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkdb5-9            | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-26-heimdal   | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-3            | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkrb5support0      | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libldap-2.4-2        | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libldap-common       | CVE-2020-25692      | HIGH     | 2.4.47+dfsg-3+deb10u2        | 2.4.47+dfsg-3+deb10u3        | openldap: NULL pointer             |
|                      |                     |          |                              |                              | dereference for                    |
|                      |                     |          |                              |                              | unauthenticated packet in          |
|                      |                     |          |                              |                              | slapd                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25709      |          |                              | 2.4.47+dfsg-3+deb10u4        | openldap: assertion failure        |
|                      |                     |          |                              |                              | in Certificate List syntax         |
|                      |                     |          |                              |                              | validation                         |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-25710      |          |                              |                              | openldap: assertion failure in     |
|                      |                     |          |                              |                              | CSN normalization with invalid     |
|                      |                     |          |                              |                              | input                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2015-3276       | LOW      |                              |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblwres161          | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblz4-1             | CVE-2019-17543      | LOW      | 1.8.3-1                      |                              | lz4: heap-based buffer             |
|                      |                     |          |                              |                              | overflow in LZ4_write32            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libmariadb3          | CVE-2020-15180      | CRITICAL | 1:10.3.22-0+deb10u1          | 1:10.3.25-0+deb10u1          | mariadb: Insufficient SST          |
|                      |                     |          |                              |                              | method name check leading          |
|                      |                     |          |                              |                              | to code injection in               |
|                      |                     |          |                              |                              | mysql-wsrep...                     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-13249      | HIGH     |                              | 1:10.3.23-0+deb10u1          | mariadb-connector-c: Improper      |
|                      |                     |          |                              |                              | validation of content in a OK      |
|                      |                     |          |                              |                              | packet received from server...     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14765      | MEDIUM   |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14776      |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14789      |          |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14812      |          |                              |                              | mysql: Server: Locking             |
|                      |                     |          |                              |                              | unspecified vulnerability (CPU     |
|                      |                     |          |                              |                              | Oct 2020)                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-2752       |          |                              | 1:10.3.23-0+deb10u1          | mysql: C API unspecified           |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2760       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2812       |          |                              |                              | mysql: Server: Stored              |
|                      |                     |          |                              |                              | Procedure unspecified              |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2814       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libonig5             | CVE-2020-26159      | HIGH     | 6.9.1-1                      |                              | oniguruma: Buffer overflow         |
|                      |                     |          |                              |                              | in concat_opt_exact_str could      |
|                      |                     |          |                              |                              | result in DoS                      |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-13224      | LOW      |                              |                              | oniguruma: Use-after-free in       |
|                      |                     |          |                              |                              | onig_new_deluxe() in regext.c      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-13225      |          |                              |                              | oniguruma: NULL pointer            |
|                      |                     |          |                              |                              | dereference in match_at() in       |
|                      |                     |          |                              |                              | regexec.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-16163      |          |                              |                              | oniguruma: Stack exhaustion in     |
|                      |                     |          |                              |                              | regcomp.c because of recursion     |
|                      |                     |          |                              |                              | in regparse.c                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19012      |          |                              |                              | oniguruma: integer overflow        |
|                      |                     |          |                              |                              | in search_in_range function        |
|                      |                     |          |                              |                              | in regexec.c leads to              |
|                      |                     |          |                              |                              | out-of-bounds read...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19203      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer over-read in function       |
|                      |                     |          |                              |                              | gb18030_mbc_enc_len in file        |
|                      |                     |          |                              |                              | gb18030.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19204      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer over-read in function       |
|                      |                     |          |                              |                              | fetch_interval_quantifier in       |
|                      |                     |          |                              |                              | regparse.c                         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19246      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer overflow in                 |
|                      |                     |          |                              |                              | str_lower_case_match in            |
|                      |                     |          |                              |                              | regexec.c                          |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpcre3             | CVE-2020-14155      | MEDIUM   | 2:8.39-12                    |                              | pcre: integer overflow in          |
|                      |                     |          |                              |                              | libpcre                            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-11164      | LOW      |                              |                              | pcre: OP_KETRMAX feature           |
|                      |                     |          |                              |                              | in the match function in           |
|                      |                     |          |                              |                              | pcre_exec.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-16231      |          |                              |                              | pcre: self-recursive call in       |
|                      |                     |          |                              |                              | match() in pcre_exec.c leads       |
|                      |                     |          |                              |                              | to denial of service...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-7245       |          |                              |                              | pcre: stack-based                  |
|                      |                     |          |                              |                              | buffer overflow write in           |
|                      |                     |          |                              |                              | pcre32_copy_substring              |
+                      +---------------------+          +                              +------------------------------+                                    +
|                      | CVE-2017-7246       |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20838      |          |                              |                              | pcre: buffer over-read in JIT      |
|                      |                     |          |                              |                              | when UTF is disabled               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libperl5.28          | CVE-2020-10543      | HIGH     | 5.28.1-6                     | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpq5               | CVE-2020-14349      | HIGH     | 11.7-0+deb10u1               | 11.9-0+deb10u1               | postgresql: Uncontrolled           |
|                      |                     |          |                              |                              | search path element in logical     |
|                      |                     |          |                              |                              | replication                        |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-14350      |          |                              |                              | postgresql: Uncontrolled           |
|                      |                     |          |                              |                              | search path element in CREATE      |
|                      |                     |          |                              |                              | EXTENSION                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25694      |          |                              |                              | postgresql: Reconnection can       |
|                      |                     |          |                              |                              | downgrade connection security      |
|                      |                     |          |                              |                              | settings                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25695      |          |                              |                              | postgresql: Multiple features      |
|                      |                     |          |                              |                              | escape "security restricted        |
|                      |                     |          |                              |                              | operation" sandbox                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25696      |          |                              |                              | postgresql: psql's \gset           |
|                      |                     |          |                              |                              | allows overwriting specially       |
|                      |                     |          |                              |                              | treated variables                  |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-9193       | LOW      |                              |                              | postgresql: Command injection      |
|                      |                     |          |                              |                              | via "COPY TO/FROM PROGRAM"         |
|                      |                     |          |                              |                              | function                           |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpython3.7-minimal | CVE-2020-26116      | HIGH     | 3.7.3-2+deb10u1              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libpython3.7-stdlib  | CVE-2020-26116      | HIGH     |                              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libroken18-heimdal   | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libseccomp2          | CVE-2019-9893       | LOW      | 2.3.3-4                      |                              | libseccomp: incorrect              |
|                      |                     |          |                              |                              | generation of syscall filters      |
|                      |                     |          |                              |                              | in libseccomp                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libsqlite3-0         | CVE-2019-19603      | HIGH     | 3.27.2-3                     |                              | sqlite: mishandles certain         |
|                      |                     |          |                              |                              | SELECT statements with a           |
|                      |                     |          |                              |                              | nonexistent VIEW, leading to       |
|                      |                     |          |                              |                              | DoS...                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19923      |          |                              |                              | sqlite: mishandling of certain     |
|                      |                     |          |                              |                              | uses of SELECT DISTINCT            |
|                      |                     |          |                              |                              | involving a LEFT JOIN...           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19925      |          |                              |                              | sqlite: zipfileUpdate in           |
|                      |                     |          |                              |                              | ext/misc/zipfile.c mishandles      |
|                      |                     |          |                              |                              | a NULL pathname during an          |
|                      |                     |          |                              |                              | update of...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19959      |          |                              |                              | sqlite: mishandles certain         |
|                      |                     |          |                              |                              | uses of INSERT INTO in             |
|                      |                     |          |                              |                              | situations involving embedded      |
|                      |                     |          |                              |                              | '\0'...                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20218      |          |                              |                              | sqlite: selectExpander in          |
|                      |                     |          |                              |                              | select.c proceeds with WITH        |
|                      |                     |          |                              |                              | stack unwinding even after         |
|                      |                     |          |                              |                              | a...                               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13630      |          |                              |                              | sqlite: Use-after-free             |
|                      |                     |          |                              |                              | in fts3EvalNextRow in              |
|                      |                     |          |                              |                              | ext/fts3/fts3.c                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-16168      | MEDIUM   |                              |                              | sqlite: Division by zero in        |
|                      |                     |          |                              |                              | whereLoopAddBtreeIndex in          |
|                      |                     |          |                              |                              | sqlite3.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19645      |          |                              |                              | sqlite: infinite recursion         |
|                      |                     |          |                              |                              | via certain types of               |
|                      |                     |          |                              |                              | self-referential views in          |
|                      |                     |          |                              |                              | conjunction with...                |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19924      |          |                              |                              | sqlite: incorrect                  |
|                      |                     |          |                              |                              | sqlite3WindowRewrite() error       |
|                      |                     |          |                              |                              | handling leads to mishandling      |
|                      |                     |          |                              |                              | certain parser-tree rewriting      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13434      |          |                              |                              | sqlite: integer overflow in        |
|                      |                     |          |                              |                              | sqlite3_str_vappendf function      |
|                      |                     |          |                              |                              | in printf.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13435      |          |                              |                              | sqlite: NULL pointer               |
|                      |                     |          |                              |                              | dereference leads to               |
|                      |                     |          |                              |                              | segmentation fault in              |
|                      |                     |          |                              |                              | sqlite3ExprCodeTarget in           |
|                      |                     |          |                              |                              | expr.c...                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13631      |          |                              |                              | sqlite: Virtual table can be       |
|                      |                     |          |                              |                              | renamed into the name of one       |
|                      |                     |          |                              |                              | of...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13632      |          |                              |                              | sqlite: NULL pointer               |
|                      |                     |          |                              |                              | dereference in                     |
|                      |                     |          |                              |                              | ext/fts3/fts3_snippet.c via a      |
|                      |                     |          |                              |                              | crafted matchinfo() query          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15358      |          |                              |                              | sqlite: heap-based                 |
|                      |                     |          |                              |                              | buffer overflow in                 |
|                      |                     |          |                              |                              | multiSelectOrderBy due to          |
|                      |                     |          |                              |                              | mishandling of query-flattener     |
|                      |                     |          |                              |                              | optimization...                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-19244      | LOW      |                              |                              | sqlite: allows a crash if a        |
|                      |                     |          |                              |                              | sub-select uses both DISTINCT      |
|                      |                     |          |                              |                              | and window...                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-11656      |          |                              |                              | sqlite: use-after-free in the      |
|                      |                     |          |                              |                              | ALTER TABLE implementation         |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libssl1.1            | CVE-2007-6755       |          | 1.1.1d-0+deb10u3             |                              | Dual_EC_DRBG: weak pseudo          |
|                      |                     |          |                              |                              | random number generator            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-0928       |          |                              |                              | openssl: RSA authentication        |
|                      |                     |          |                              |                              | weakness                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1551       |          |                              |                              | openssl: Integer overflow in       |
|                      |                     |          |                              |                              | RSAZ modular exponentiation on     |
|                      |                     |          |                              |                              | x86_64                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libstdc++6           | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libsystemd0          | CVE-2019-3843       |          | 241-7~deb10u4                |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can create             |
|                      |                     |          |                              |                              | SUID/SGID binaries                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-3844       |          |                              |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can get new            |
|                      |                     |          |                              |                              | privileges and create SGID         |
|                      |                     |          |                              |                              | binaries...                        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2013-4392       | LOW      |                              |                              | systemd: TOCTOU race condition     |
|                      |                     |          |                              |                              | when updating file permissions     |
|                      |                     |          |                              |                              | and SELinux security               |
|                      |                     |          |                              |                              | contexts...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20386      |          |                              |                              | systemd: memory leak               |
|                      |                     |          |                              |                              | in button_open() in                |
|                      |                     |          |                              |                              | login/logind-button.c when         |
|                      |                     |          |                              |                              | udev events are received...        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13776      |          |                              |                              | systemd: mishandles numerical      |
|                      |                     |          |                              |                              | usernames beginning with           |
|                      |                     |          |                              |                              | decimal digits or 0x followed      |
|                      |                     |          |                              |                              | by...                              |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libtasn1-6           | CVE-2018-1000654    |          | 4.13-3                       |                              | libtasn1: Infinite loop in         |
|                      |                     |          |                              |                              | _asn1_expand_object_id(ptree)      |
|                      |                     |          |                              |                              | leads to memory exhaustion         |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libudev1             | CVE-2019-3843       | HIGH     | 241-7~deb10u4                |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can create             |
|                      |                     |          |                              |                              | SUID/SGID binaries                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-3844       |          |                              |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can get new            |
|                      |                     |          |                              |                              | privileges and create SGID         |
|                      |                     |          |                              |                              | binaries...                        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2013-4392       | LOW      |                              |                              | systemd: TOCTOU race condition     |
|                      |                     |          |                              |                              | when updating file permissions     |
|                      |                     |          |                              |                              | and SELinux security               |
|                      |                     |          |                              |                              | contexts...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20386      |          |                              |                              | systemd: memory leak               |
|                      |                     |          |                              |                              | in button_open() in                |
|                      |                     |          |                              |                              | login/logind-button.c when         |
|                      |                     |          |                              |                              | udev events are received...        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13776      |          |                              |                              | systemd: mishandles numerical      |
|                      |                     |          |                              |                              | usernames beginning with           |
|                      |                     |          |                              |                              | decimal digits or 0x followed      |
|                      |                     |          |                              |                              | by...                              |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libwind0-heimdal     | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libxml2              | CVE-2016-9318       | HIGH     | 2.9.4+dfsg1-7                |                              | libxml2: XML External Entity       |
|                      |                     |          |                              |                              | vulnerability                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-16932      |          |                              |                              | libxml2: Infinite recursion in     |
|                      |                     |          |                              |                              | parameter entities                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19956      |          |                              |                              | libxml2: memory leak in            |
|                      |                     |          |                              |                              | xmlParseBalancedChunkMemoryRecover |
|                      |                     |          |                              |                              | in parser.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20388      |          |                              |                              | libxml2: memory leak               |
|                      |                     |          |                              |                              | in xmlSchemaPreRun in              |
|                      |                     |          |                              |                              | xmlschemas.c                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-7595       |          |                              |                              | libxml2: infinite loop in          |
|                      |                     |          |                              |                              | xmlStringLenDecodeEntities in      |
|                      |                     |          |                              |                              | some end-of-file situations        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2018-14567      | MEDIUM   |                              |                              | libxml2: Infinite loop caused      |
|                      |                     |          |                              |                              | by incorrect error detection       |
|                      |                     |          |                              |                              | during LZMA decompression          |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-18258      | LOW      |                              |                              | libxml2: Unrestricted memory       |
|                      |                     |          |                              |                              | usage in xz_head() function in     |
|                      |                     |          |                              |                              | xzlib.c                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-14404      |          |                              |                              | libxml2: NULL pointer              |
|                      |                     |          |                              |                              | dereference in                     |
|                      |                     |          |                              |                              | xmlXPathCompOpEval() function      |
|                      |                     |          |                              |                              | in xpath.c                         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-24977      |          |                              |                              | libxml2: Buffer Overflow           |
|                      |                     |          |                              |                              | vulnerability in                   |
|                      |                     |          |                              |                              | xmlEncodeEntitiesInternal at       |
|                      |                     |          |                              |                              | libxml2/entities.c                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libxtables12         | CVE-2012-2663       |          | 1.8.2-4                      |                              | iptables: --syn flag bypass        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-11360      |          |                              |                              | A buffer overflow in               |
|                      |                     |          |                              |                              | iptables-restore in netfilter      |
|                      |                     |          |                              |                              | iptables 1.8.2 allows an           |
|                      |                     |          |                              |                              | attacker...                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| locales              | CVE-2020-1751       | HIGH     | 2.28-10                      |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| login                | CVE-2007-5686       |          | 1:4.5-1.1                    |                              | initscripts in rPath Linux 1       |
|                      |                     |          |                              |                              | sets insecure permissions for      |
|                      |                     |          |                              |                              | the /var/log/btmp file,...         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2013-4235       |          |                              |                              | shadow-utils: TOCTOU race          |
|                      |                     |          |                              |                              | conditions by copying and          |
|                      |                     |          |                              |                              | removing directory trees           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-7169       |          |                              |                              | shadow-utils: newgidmap            |
|                      |                     |          |                              |                              | allows unprivileged user           |
|                      |                     |          |                              |                              | to drop supplementary              |
|                      |                     |          |                              |                              | groups potentially allowing        |
|                      |                     |          |                              |                              | privilege...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19882      |          |                              |                              | shadow-utils: local users          |
|                      |                     |          |                              |                              | can obtain root access             |
|                      |                     |          |                              |                              | because setuid programs are        |
|                      |                     |          |                              |                              | misconfigured...                   |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0628843-DBAD28 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| mariadb-common       | CVE-2020-15180      | CRITICAL | 1:10.3.22-0+deb10u1          | 1:10.3.25-0+deb10u1          | mariadb: Insufficient SST          |
|                      |                     |          |                              |                              | method name check leading          |
|                      |                     |          |                              |                              | to code injection in               |
|                      |                     |          |                              |                              | mysql-wsrep...                     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-13249      | HIGH     |                              | 1:10.3.23-0+deb10u1          | mariadb-connector-c: Improper      |
|                      |                     |          |                              |                              | validation of content in a OK      |
|                      |                     |          |                              |                              | packet received from server...     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14765      | MEDIUM   |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14776      |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14789      |          |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14812      |          |                              |                              | mysql: Server: Locking             |
|                      |                     |          |                              |                              | unspecified vulnerability (CPU     |
|                      |                     |          |                              |                              | Oct 2020)                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-2752       |          |                              | 1:10.3.23-0+deb10u1          | mysql: C API unspecified           |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2760       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2812       |          |                              |                              | mysql: Server: Stored              |
|                      |                     |          |                              |                              | Procedure unspecified              |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2814       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| openssl              | CVE-2007-6755       | LOW      | 1.1.1d-0+deb10u3             |                              | Dual_EC_DRBG: weak pseudo          |
|                      |                     |          |                              |                              | random number generator            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-0928       |          |                              |                              | openssl: RSA authentication        |
|                      |                     |          |                              |                              | weakness                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1551       |          |                              |                              | openssl: Integer overflow in       |
|                      |                     |          |                              |                              | RSAZ modular exponentiation on     |
|                      |                     |          |                              |                              | x86_64                             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| passwd               | CVE-2007-5686       |          | 1:4.5-1.1                    |                              | initscripts in rPath Linux 1       |
|                      |                     |          |                              |                              | sets insecure permissions for      |
|                      |                     |          |                              |                              | the /var/log/btmp file,...         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2013-4235       |          |                              |                              | shadow-utils: TOCTOU race          |
|                      |                     |          |                              |                              | conditions by copying and          |
|                      |                     |          |                              |                              | removing directory trees           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-7169       |          |                              |                              | shadow-utils: newgidmap            |
|                      |                     |          |                              |                              | allows unprivileged user           |
|                      |                     |          |                              |                              | to drop supplementary              |
|                      |                     |          |                              |                              | groups potentially allowing        |
|                      |                     |          |                              |                              | privilege...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19882      |          |                              |                              | shadow-utils: local users          |
|                      |                     |          |                              |                              | can obtain root access             |
|                      |                     |          |                              |                              | because setuid programs are        |
|                      |                     |          |                              |                              | misconfigured...                   |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0628843-DBAD28 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| perl                 | CVE-2020-10543      | HIGH     | 5.28.1-6                     | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| perl-base            | CVE-2020-10543      | HIGH     |                              | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| perl-modules-5.28    | CVE-2020-10543      | HIGH     |                              | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| python3-yaml         | CVE-2017-18342      |          | 3.13-2                       |                              | PyYAML: yaml.load() API could      |
|                      |                     |          |                              |                              | execute arbitrary code             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| python3.7            | CVE-2020-26116      | HIGH     | 3.7.3-2+deb10u1              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| python3.7-minimal    | CVE-2020-26116      | HIGH     |                              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| slapd                | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +                              +------------------------------+------------------------------------+
| slapd-contrib        | CVE-2015-3276       |          |                              |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| sysvinit-utils       | TEMP-0517018-A83CE6 |          | 2.93-8                       |                              |                                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| tar                  | CVE-2005-2541       |          | 1.30+dfsg-6                  |                              | Tar 1.15.1 does not properly       |
|                      |                     |          |                              |                              | warn the user when extracting      |
|                      |                     |          |                              |                              | setuid or...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9923       |          |                              |                              | tar: null-pointer dereference      |
|                      |                     |          |                              |                              | in pax_decode_header in            |
|                      |                     |          |                              |                              | sparse.c                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0290435-0B57B5 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
maxpeal@static:~$

All 2 comments

maxpeal@static:~$  docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
2020-11-22T02:54:21.792Z        DEBUG   Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2020-11-22T02:54:21.792Z        WARN    You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-11-22T02:54:21.793Z        DEBUG   cache dir:  /root/.cache/trivy
2020-11-22T02:54:21.793Z        DEBUG   DB update was skipped because DB is the latest
2020-11-22T02:54:21.793Z        DEBUG   DB Schema: 1, Type: 1, UpdatedAt: 2020-11-22 00:31:19.958804537 +0000 UTC, NextUpdate: 2020-11-22 12:31:19.958804137 +0000 UTC
2020-11-22T02:54:23.382Z        DEBUG   Vulnerability type:  [os library]
2020-11-22T02:54:23.601Z        DEBUG   Artifact ID: sha256:e55926b7c37760a8002c4fd597f1693c160fbd3fa70999d6a77b69a0ca355b3f
2020-11-22T02:54:23.601Z        DEBUG   Blob IDs: [sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74 sha256:03a9c9b54b49ac8fe7a500f1931b4baed25ed90a9376552f5319355268c0be7e sha256:bd056a92c4d64a942ec6dc69e86d3e50ccd71b2cee8f7f2b712f0f35b19ed109 sha256:5aed85da23adbed3149816aeadd210111107c512a4a41dbc745022f8d8dd5cd9 sha256:3a05bc4e8b1dd2b9630151d1459bb927430f50cb9881275eaafb97468b2abaeb sha256:afde22bc61207b0a36aa296355f36a8c5e500a9f6351c8056ff105476e668b0f sha256:a15f15357140962a58f8275dc980a6a16697c848dc68435fe8ce97bd489e8ee5 sha256:44a4bfda918abba4c19c3d4beb5d44db4876e4c7a233e57d5e5c48fa526c20cf sha256:52ae0430fc81e32eba354db8762e2e5d4d027b9eb4cf6c8006c49d2b6ef2a23c]
2020-11-22T02:54:23.605Z        INFO    Detecting Debian vulnerabilities...
2020-11-22T02:54:23.605Z        DEBUG   debian: os version: 10
2020-11-22T02:54:23.605Z        DEBUG   debian: the number of packages: 199

osixia/openldap:latest (debian 10.4)
====================================
Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)

+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
|       LIBRARY        |  VULNERABILITY ID   | SEVERITY |      INSTALLED VERSION       |        FIXED VERSION         |               TITLE                |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| apt                  | CVE-2011-3374       | LOW      | 1.8.2.1                      |                              | It was found that apt-key          |
|                      |                     |          |                              |                              | in apt, all versions, do not       |
|                      |                     |          |                              |                              | correctly...                       |
+----------------------+                     +          +                              +------------------------------+                                    +
| apt-transport-https  |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| apt-utils            |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| bash                 | CVE-2019-18276      |          | 5.0-4                        |                              | bash: when effective UID is        |
|                      |                     |          |                              |                              | not equal to its real UID          |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0841856-B18BAF |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| bind9-host           | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| coreutils            | CVE-2016-2781       | LOW      | 8.30-3                       |                              | coreutils: Non-privileged          |
|                      |                     |          |                              |                              | session can escape to the          |
|                      |                     |          |                              |                              | parent session in chroot           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-18018      |          |                              |                              | coreutils: race condition          |
|                      |                     |          |                              |                              | vulnerability in chown and         |
|                      |                     |          |                              |                              | chgrp                              |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| dirmngr              | CVE-2019-14855      |          | 2.2.12-1+deb10u1             |                              | gnupg2: OpenPGP Key                |
|                      |                     |          |                              |                              | Certification Forgeries with       |
|                      |                     |          |                              |                              | SHA-1                              |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gcc-8-base           | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gnupg                | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1             |                              | gnupg2: OpenPGP Key                |
|                      |                     |          |                              |                              | Certification Forgeries with       |
|                      |                     |          |                              |                              | SHA-1                              |
+----------------------+                     +          +                              +------------------------------+                                    +
| gnupg-l10n           |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gnupg-utils          |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg                  |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-agent            |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-wks-client       |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpg-wks-server       |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgconf              |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgsm                |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| gpgv                 |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| iproute2             | CVE-2019-20795      | MEDIUM   | 4.20.0-2                     |                              | iproute: use-after-free in         |
|                      |                     |          |                              |                              | get_netnsid_from_name in           |
|                      |                     |          |                              |                              | ip/ipnetns.c                       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| krb5-kdc             | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| krb5-kdc-ldap        | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| krb5-user            | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| ldap-utils           | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libapt-inst2.0       | CVE-2011-3374       |          | 1.8.2.1                      |                              | It was found that apt-key          |
|                      |                     |          |                              |                              | in apt, all versions, do not       |
|                      |                     |          |                              |                              | correctly...                       |
+----------------------+                     +          +                              +------------------------------+                                    +
| libapt-pkg5.0        |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libasn1-8-heimdal    | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libbind9-161         | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libc-bin             | CVE-2020-1751       | HIGH     | 2.28-10                      |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libc-l10n            | CVE-2020-1751       | HIGH     |                              |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libc6                | CVE-2020-1751       | HIGH     |                              |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libdns1104           | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libexpat1            | CVE-2013-0340       | LOW      | 2.2.6-2+deb10u1              |                              | expat: internal entity             |
|                      |                     |          |                              |                              | expansion                          |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcc1              | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcrypt20          | CVE-2019-12904      | MEDIUM   | 1.8.4-5                      |                              | Libgcrypt: physical addresses      |
|                      |                     |          |                              |                              | being available to other           |
|                      |                     |          |                              |                              | processes leads to a               |
|                      |                     |          |                              |                              | flush-and-reload...                |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-13627      |          |                              |                              | libgcrypt: ECDSA timing attack     |
|                      |                     |          |                              |                              | allowing private key leak          |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2018-6829       | LOW      |                              |                              | libgcrypt: ElGamal                 |
|                      |                     |          |                              |                              | implementation doesn't             |
|                      |                     |          |                              |                              | have semantic security             |
|                      |                     |          |                              |                              | due to incorrectly encoded         |
|                      |                     |          |                              |                              | plaintexts...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgnutls30          | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u4              |                              | gnutls: Heap buffer                |
|                      |                     |          |                              |                              | overflow in handshake with         |
|                      |                     |          |                              |                              | no_renegotiation alert sent        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-3389       | LOW      |                              |                              | HTTPS: block-wise                  |
|                      |                     |          |                              |                              | chosen-plaintext attack            |
|                      |                     |          |                              |                              | against SSL/TLS (BEAST)            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgssapi-krb5-2     | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libgssrpc4           | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libhcrypto4-heimdal  | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+                     +          +                              +------------------------------+                                    +
| libhdb9-heimdal      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| libheimbase1-heimdal |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+                     +          +                              +------------------------------+                                    +
| libhx509-5-heimdal   |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libidn2-0            | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1              |                              | GNU libidn2 before 2.2.0           |
|                      |                     |          |                              |                              | fails to perform the roundtrip     |
|                      |                     |          |                              |                              | checks specified in...             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libisc1100           | CVE-2020-8623       |          | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+                              +                              +------------------------------------+
| libisccc161          | CVE-2020-8623       | HIGH     |                              |                              | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+                              +                              +------------------------------------+
| libisccfg163         | CVE-2020-8623       | HIGH     |                              |                              | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libjson-c3           | CVE-2020-12762      | HIGH     | 0.12.1+ds-2                  | 0.12.1+ds-2+deb10u1          | json-c: integer overflow and       |
|                      |                     |          |                              |                              | out-of-bounds write via a          |
|                      |                     |          |                              |                              | large JSON file                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libk5crypto3         | CVE-2020-28196      |          | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkadm5clnt-mit11   | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkadm5srv-mit11    | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkadm5srv8-heimdal | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkdb5-9            | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-26-heimdal   | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-3            | CVE-2020-28196      | HIGH     | 1.17-3                       |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libkrb5support0      | CVE-2020-28196      | HIGH     |                              |                              | MIT Kerberos 5 (aka krb5)          |
|                      |                     |          |                              |                              | before 1.17.2 and 1.18.x           |
|                      |                     |          |                              |                              | before 1.18.3 allows...            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2004-0971       | LOW      |                              |                              | security flaw                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-5709       |          |                              |                              | krb5: integer overflow             |
|                      |                     |          |                              |                              | in dbentry->n_key_data in          |
|                      |                     |          |                              |                              | kadmin/dbutil/dump.c               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libldap-2.4-2        | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libldap-common       | CVE-2020-25692      | HIGH     | 2.4.47+dfsg-3+deb10u2        | 2.4.47+dfsg-3+deb10u3        | openldap: NULL pointer             |
|                      |                     |          |                              |                              | dereference for                    |
|                      |                     |          |                              |                              | unauthenticated packet in          |
|                      |                     |          |                              |                              | slapd                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25709      |          |                              | 2.4.47+dfsg-3+deb10u4        | openldap: assertion failure        |
|                      |                     |          |                              |                              | in Certificate List syntax         |
|                      |                     |          |                              |                              | validation                         |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-25710      |          |                              |                              | openldap: assertion failure in     |
|                      |                     |          |                              |                              | CSN normalization with invalid     |
|                      |                     |          |                              |                              | input                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2015-3276       | LOW      |                              |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblwres161          | CVE-2020-8623       | HIGH     | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable         |
|                      |                     |          |                              |                              | assertion failure in pk11.c        |
+                      +---------------------+----------+                              +                              +------------------------------------+
|                      | CVE-2020-8619       | MEDIUM   |                              |                              | bind: asterisk character in an     |
|                      |                     |          |                              |                              | empty non-terminal can cause       |
|                      |                     |          |                              |                              | an assertion failure...            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8622       |          |                              |                              | bind: truncated TSIG response      |
|                      |                     |          |                              |                              | can lead to an assertion           |
|                      |                     |          |                              |                              | failure                            |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-8624       |          |                              |                              | bind: incorrect enforcement        |
|                      |                     |          |                              |                              | of update-policy rules of type     |
|                      |                     |          |                              |                              | "subdomain"                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblz4-1             | CVE-2019-17543      | LOW      | 1.8.3-1                      |                              | lz4: heap-based buffer             |
|                      |                     |          |                              |                              | overflow in LZ4_write32            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libmariadb3          | CVE-2020-15180      | CRITICAL | 1:10.3.22-0+deb10u1          | 1:10.3.25-0+deb10u1          | mariadb: Insufficient SST          |
|                      |                     |          |                              |                              | method name check leading          |
|                      |                     |          |                              |                              | to code injection in               |
|                      |                     |          |                              |                              | mysql-wsrep...                     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-13249      | HIGH     |                              | 1:10.3.23-0+deb10u1          | mariadb-connector-c: Improper      |
|                      |                     |          |                              |                              | validation of content in a OK      |
|                      |                     |          |                              |                              | packet received from server...     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14765      | MEDIUM   |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14776      |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14789      |          |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14812      |          |                              |                              | mysql: Server: Locking             |
|                      |                     |          |                              |                              | unspecified vulnerability (CPU     |
|                      |                     |          |                              |                              | Oct 2020)                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-2752       |          |                              | 1:10.3.23-0+deb10u1          | mysql: C API unspecified           |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2760       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2812       |          |                              |                              | mysql: Server: Stored              |
|                      |                     |          |                              |                              | Procedure unspecified              |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2814       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libonig5             | CVE-2020-26159      | HIGH     | 6.9.1-1                      |                              | oniguruma: Buffer overflow         |
|                      |                     |          |                              |                              | in concat_opt_exact_str could      |
|                      |                     |          |                              |                              | result in DoS                      |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-13224      | LOW      |                              |                              | oniguruma: Use-after-free in       |
|                      |                     |          |                              |                              | onig_new_deluxe() in regext.c      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-13225      |          |                              |                              | oniguruma: NULL pointer            |
|                      |                     |          |                              |                              | dereference in match_at() in       |
|                      |                     |          |                              |                              | regexec.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-16163      |          |                              |                              | oniguruma: Stack exhaustion in     |
|                      |                     |          |                              |                              | regcomp.c because of recursion     |
|                      |                     |          |                              |                              | in regparse.c                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19012      |          |                              |                              | oniguruma: integer overflow        |
|                      |                     |          |                              |                              | in search_in_range function        |
|                      |                     |          |                              |                              | in regexec.c leads to              |
|                      |                     |          |                              |                              | out-of-bounds read...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19203      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer over-read in function       |
|                      |                     |          |                              |                              | gb18030_mbc_enc_len in file        |
|                      |                     |          |                              |                              | gb18030.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19204      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer over-read in function       |
|                      |                     |          |                              |                              | fetch_interval_quantifier in       |
|                      |                     |          |                              |                              | regparse.c                         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19246      |          |                              |                              | oniguruma: Heap-based              |
|                      |                     |          |                              |                              | buffer overflow in                 |
|                      |                     |          |                              |                              | str_lower_case_match in            |
|                      |                     |          |                              |                              | regexec.c                          |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpcre3             | CVE-2020-14155      | MEDIUM   | 2:8.39-12                    |                              | pcre: integer overflow in          |
|                      |                     |          |                              |                              | libpcre                            |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-11164      | LOW      |                              |                              | pcre: OP_KETRMAX feature           |
|                      |                     |          |                              |                              | in the match function in           |
|                      |                     |          |                              |                              | pcre_exec.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-16231      |          |                              |                              | pcre: self-recursive call in       |
|                      |                     |          |                              |                              | match() in pcre_exec.c leads       |
|                      |                     |          |                              |                              | to denial of service...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-7245       |          |                              |                              | pcre: stack-based                  |
|                      |                     |          |                              |                              | buffer overflow write in           |
|                      |                     |          |                              |                              | pcre32_copy_substring              |
+                      +---------------------+          +                              +------------------------------+                                    +
|                      | CVE-2017-7246       |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20838      |          |                              |                              | pcre: buffer over-read in JIT      |
|                      |                     |          |                              |                              | when UTF is disabled               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libperl5.28          | CVE-2020-10543      | HIGH     | 5.28.1-6                     | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpq5               | CVE-2020-14349      | HIGH     | 11.7-0+deb10u1               | 11.9-0+deb10u1               | postgresql: Uncontrolled           |
|                      |                     |          |                              |                              | search path element in logical     |
|                      |                     |          |                              |                              | replication                        |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-14350      |          |                              |                              | postgresql: Uncontrolled           |
|                      |                     |          |                              |                              | search path element in CREATE      |
|                      |                     |          |                              |                              | EXTENSION                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25694      |          |                              |                              | postgresql: Reconnection can       |
|                      |                     |          |                              |                              | downgrade connection security      |
|                      |                     |          |                              |                              | settings                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25695      |          |                              |                              | postgresql: Multiple features      |
|                      |                     |          |                              |                              | escape "security restricted        |
|                      |                     |          |                              |                              | operation" sandbox                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-25696      |          |                              |                              | postgresql: psql's \gset           |
|                      |                     |          |                              |                              | allows overwriting specially       |
|                      |                     |          |                              |                              | treated variables                  |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-9193       | LOW      |                              |                              | postgresql: Command injection      |
|                      |                     |          |                              |                              | via "COPY TO/FROM PROGRAM"         |
|                      |                     |          |                              |                              | function                           |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpython3.7-minimal | CVE-2020-26116      | HIGH     | 3.7.3-2+deb10u1              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| libpython3.7-stdlib  | CVE-2020-26116      | HIGH     |                              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libroken18-heimdal   | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libseccomp2          | CVE-2019-9893       | LOW      | 2.3.3-4                      |                              | libseccomp: incorrect              |
|                      |                     |          |                              |                              | generation of syscall filters      |
|                      |                     |          |                              |                              | in libseccomp                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libsqlite3-0         | CVE-2019-19603      | HIGH     | 3.27.2-3                     |                              | sqlite: mishandles certain         |
|                      |                     |          |                              |                              | SELECT statements with a           |
|                      |                     |          |                              |                              | nonexistent VIEW, leading to       |
|                      |                     |          |                              |                              | DoS...                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19923      |          |                              |                              | sqlite: mishandling of certain     |
|                      |                     |          |                              |                              | uses of SELECT DISTINCT            |
|                      |                     |          |                              |                              | involving a LEFT JOIN...           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19925      |          |                              |                              | sqlite: zipfileUpdate in           |
|                      |                     |          |                              |                              | ext/misc/zipfile.c mishandles      |
|                      |                     |          |                              |                              | a NULL pathname during an          |
|                      |                     |          |                              |                              | update of...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19959      |          |                              |                              | sqlite: mishandles certain         |
|                      |                     |          |                              |                              | uses of INSERT INTO in             |
|                      |                     |          |                              |                              | situations involving embedded      |
|                      |                     |          |                              |                              | '\0'...                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20218      |          |                              |                              | sqlite: selectExpander in          |
|                      |                     |          |                              |                              | select.c proceeds with WITH        |
|                      |                     |          |                              |                              | stack unwinding even after         |
|                      |                     |          |                              |                              | a...                               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13630      |          |                              |                              | sqlite: Use-after-free             |
|                      |                     |          |                              |                              | in fts3EvalNextRow in              |
|                      |                     |          |                              |                              | ext/fts3/fts3.c                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-16168      | MEDIUM   |                              |                              | sqlite: Division by zero in        |
|                      |                     |          |                              |                              | whereLoopAddBtreeIndex in          |
|                      |                     |          |                              |                              | sqlite3.c                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19645      |          |                              |                              | sqlite: infinite recursion         |
|                      |                     |          |                              |                              | via certain types of               |
|                      |                     |          |                              |                              | self-referential views in          |
|                      |                     |          |                              |                              | conjunction with...                |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19924      |          |                              |                              | sqlite: incorrect                  |
|                      |                     |          |                              |                              | sqlite3WindowRewrite() error       |
|                      |                     |          |                              |                              | handling leads to mishandling      |
|                      |                     |          |                              |                              | certain parser-tree rewriting      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13434      |          |                              |                              | sqlite: integer overflow in        |
|                      |                     |          |                              |                              | sqlite3_str_vappendf function      |
|                      |                     |          |                              |                              | in printf.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13435      |          |                              |                              | sqlite: NULL pointer               |
|                      |                     |          |                              |                              | dereference leads to               |
|                      |                     |          |                              |                              | segmentation fault in              |
|                      |                     |          |                              |                              | sqlite3ExprCodeTarget in           |
|                      |                     |          |                              |                              | expr.c...                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13631      |          |                              |                              | sqlite: Virtual table can be       |
|                      |                     |          |                              |                              | renamed into the name of one       |
|                      |                     |          |                              |                              | of...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13632      |          |                              |                              | sqlite: NULL pointer               |
|                      |                     |          |                              |                              | dereference in                     |
|                      |                     |          |                              |                              | ext/fts3/fts3_snippet.c via a      |
|                      |                     |          |                              |                              | crafted matchinfo() query          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15358      |          |                              |                              | sqlite: heap-based                 |
|                      |                     |          |                              |                              | buffer overflow in                 |
|                      |                     |          |                              |                              | multiSelectOrderBy due to          |
|                      |                     |          |                              |                              | mishandling of query-flattener     |
|                      |                     |          |                              |                              | optimization...                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2019-19244      | LOW      |                              |                              | sqlite: allows a crash if a        |
|                      |                     |          |                              |                              | sub-select uses both DISTINCT      |
|                      |                     |          |                              |                              | and window...                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-11656      |          |                              |                              | sqlite: use-after-free in the      |
|                      |                     |          |                              |                              | ALTER TABLE implementation         |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libssl1.1            | CVE-2007-6755       |          | 1.1.1d-0+deb10u3             |                              | Dual_EC_DRBG: weak pseudo          |
|                      |                     |          |                              |                              | random number generator            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-0928       |          |                              |                              | openssl: RSA authentication        |
|                      |                     |          |                              |                              | weakness                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1551       |          |                              |                              | openssl: Integer overflow in       |
|                      |                     |          |                              |                              | RSAZ modular exponentiation on     |
|                      |                     |          |                              |                              | x86_64                             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libstdc++6           | CVE-2018-12886      | HIGH     | 8.3.0-6                      |                              | gcc: spilling of stack             |
|                      |                     |          |                              |                              | protection address in              |
|                      |                     |          |                              |                              | cfgexpand.c and function.c         |
|                      |                     |          |                              |                              | leads to...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-15847      |          |                              |                              | gcc: POWER9 "DARN" RNG             |
|                      |                     |          |                              |                              | intrinsic produces repeated        |
|                      |                     |          |                              |                              | output                             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libsystemd0          | CVE-2019-3843       |          | 241-7~deb10u4                |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can create             |
|                      |                     |          |                              |                              | SUID/SGID binaries                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-3844       |          |                              |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can get new            |
|                      |                     |          |                              |                              | privileges and create SGID         |
|                      |                     |          |                              |                              | binaries...                        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2013-4392       | LOW      |                              |                              | systemd: TOCTOU race condition     |
|                      |                     |          |                              |                              | when updating file permissions     |
|                      |                     |          |                              |                              | and SELinux security               |
|                      |                     |          |                              |                              | contexts...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20386      |          |                              |                              | systemd: memory leak               |
|                      |                     |          |                              |                              | in button_open() in                |
|                      |                     |          |                              |                              | login/logind-button.c when         |
|                      |                     |          |                              |                              | udev events are received...        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13776      |          |                              |                              | systemd: mishandles numerical      |
|                      |                     |          |                              |                              | usernames beginning with           |
|                      |                     |          |                              |                              | decimal digits or 0x followed      |
|                      |                     |          |                              |                              | by...                              |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libtasn1-6           | CVE-2018-1000654    |          | 4.13-3                       |                              | libtasn1: Infinite loop in         |
|                      |                     |          |                              |                              | _asn1_expand_object_id(ptree)      |
|                      |                     |          |                              |                              | leads to memory exhaustion         |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libudev1             | CVE-2019-3843       | HIGH     | 241-7~deb10u4                |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can create             |
|                      |                     |          |                              |                              | SUID/SGID binaries                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-3844       |          |                              |                              | systemd: services with             |
|                      |                     |          |                              |                              | DynamicUser can get new            |
|                      |                     |          |                              |                              | privileges and create SGID         |
|                      |                     |          |                              |                              | binaries...                        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2013-4392       | LOW      |                              |                              | systemd: TOCTOU race condition     |
|                      |                     |          |                              |                              | when updating file permissions     |
|                      |                     |          |                              |                              | and SELinux security               |
|                      |                     |          |                              |                              | contexts...                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20386      |          |                              |                              | systemd: memory leak               |
|                      |                     |          |                              |                              | in button_open() in                |
|                      |                     |          |                              |                              | login/logind-button.c when         |
|                      |                     |          |                              |                              | udev events are received...        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-13776      |          |                              |                              | systemd: mishandles numerical      |
|                      |                     |          |                              |                              | usernames beginning with           |
|                      |                     |          |                              |                              | decimal digits or 0x followed      |
|                      |                     |          |                              |                              | by...                              |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libwind0-heimdal     | CVE-2019-14870      | MEDIUM   | 7.5.0+dfsg-3                 |                              | samba: The                         |
|                      |                     |          |                              |                              | DelegationNotAllowed Kerberos      |
|                      |                     |          |                              |                              | feature restriction was            |
|                      |                     |          |                              |                              | not being applied when             |
|                      |                     |          |                              |                              | processing...                      |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libxml2              | CVE-2016-9318       | HIGH     | 2.9.4+dfsg1-7                |                              | libxml2: XML External Entity       |
|                      |                     |          |                              |                              | vulnerability                      |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-16932      |          |                              |                              | libxml2: Infinite recursion in     |
|                      |                     |          |                              |                              | parameter entities                 |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19956      |          |                              |                              | libxml2: memory leak in            |
|                      |                     |          |                              |                              | xmlParseBalancedChunkMemoryRecover |
|                      |                     |          |                              |                              | in parser.c                        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-20388      |          |                              |                              | libxml2: memory leak               |
|                      |                     |          |                              |                              | in xmlSchemaPreRun in              |
|                      |                     |          |                              |                              | xmlschemas.c                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-7595       |          |                              |                              | libxml2: infinite loop in          |
|                      |                     |          |                              |                              | xmlStringLenDecodeEntities in      |
|                      |                     |          |                              |                              | some end-of-file situations        |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2018-14567      | MEDIUM   |                              |                              | libxml2: Infinite loop caused      |
|                      |                     |          |                              |                              | by incorrect error detection       |
|                      |                     |          |                              |                              | during LZMA decompression          |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-18258      | LOW      |                              |                              | libxml2: Unrestricted memory       |
|                      |                     |          |                              |                              | usage in xz_head() function in     |
|                      |                     |          |                              |                              | xzlib.c                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-14404      |          |                              |                              | libxml2: NULL pointer              |
|                      |                     |          |                              |                              | dereference in                     |
|                      |                     |          |                              |                              | xmlXPathCompOpEval() function      |
|                      |                     |          |                              |                              | in xpath.c                         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-24977      |          |                              |                              | libxml2: Buffer Overflow           |
|                      |                     |          |                              |                              | vulnerability in                   |
|                      |                     |          |                              |                              | xmlEncodeEntitiesInternal at       |
|                      |                     |          |                              |                              | libxml2/entities.c                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| libxtables12         | CVE-2012-2663       |          | 1.8.2-4                      |                              | iptables: --syn flag bypass        |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-11360      |          |                              |                              | A buffer overflow in               |
|                      |                     |          |                              |                              | iptables-restore in netfilter      |
|                      |                     |          |                              |                              | iptables 1.8.2 allows an           |
|                      |                     |          |                              |                              | attacker...                        |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| locales              | CVE-2020-1751       | HIGH     | 2.28-10                      |                              | glibc: array overflow in           |
|                      |                     |          |                              |                              | backtrace functions for            |
|                      |                     |          |                              |                              | powerpc                            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-1752       |          |                              |                              | glibc: use-after-free in           |
|                      |                     |          |                              |                              | glob() function when expanding     |
|                      |                     |          |                              |                              | ~user                              |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-10029      | MEDIUM   |                              |                              | glibc: stack corruption from       |
|                      |                     |          |                              |                              | crafted input in cosl, sinl,       |
|                      |                     |          |                              |                              | sincosl, and tanl...               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27618      |          |                              |                              | glibc: iconv when processing       |
|                      |                     |          |                              |                              | invalid multi-byte input           |
|                      |                     |          |                              |                              | sequences fails to advance         |
|                      |                     |          |                              |                              | the...                             |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2010-4051       | LOW      |                              |                              | CVE-2010-4052 glibc:               |
|                      |                     |          |                              |                              | De-recursivise regular             |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4052       |          |                              |                              | CVE-2010-4051 CVE-2010-4052        |
|                      |                     |          |                              |                              | glibc: De-recursivise regular      |
|                      |                     |          |                              |                              | expression engine                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-4756       |          |                              |                              | glibc: glob implementation can     |
|                      |                     |          |                              |                              | cause excessive CPU and memory     |
|                      |                     |          |                              |                              | consumption due to...              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2016-10228      |          |                              |                              | glibc: iconv program can           |
|                      |                     |          |                              |                              | hang when invoked with the -c      |
|                      |                     |          |                              |                              | option                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-20796      |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010022    |          |                              |                              | glibc: stack guard protection      |
|                      |                     |          |                              |                              | bypass                             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010023    |          |                              |                              | glibc: running ldd on              |
|                      |                     |          |                              |                              | malicious ELF leads to code        |
|                      |                     |          |                              |                              | execution because of...            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010024    |          |                              |                              | glibc: ASLR bypass using cache     |
|                      |                     |          |                              |                              | of thread stack and heap           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1010025    |          |                              |                              | glibc: information disclosure      |
|                      |                     |          |                              |                              | of heap addresses of               |
|                      |                     |          |                              |                              | pthread_created thread             |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19126      |          |                              |                              | glibc:                             |
|                      |                     |          |                              |                              | LD_PREFER_MAP_32BIT_EXEC not       |
|                      |                     |          |                              |                              | ignored in setuid binaries         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9192       |          |                              |                              | glibc: uncontrolled                |
|                      |                     |          |                              |                              | recursion in function              |
|                      |                     |          |                              |                              | check_dst_limits_calc_pos_1 in     |
|                      |                     |          |                              |                              | posix/regexec.c                    |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-6096       |          |                              |                              | glibc: signed comparison           |
|                      |                     |          |                              |                              | vulnerability in the ARMv7         |
|                      |                     |          |                              |                              | memcpy function                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| login                | CVE-2007-5686       |          | 1:4.5-1.1                    |                              | initscripts in rPath Linux 1       |
|                      |                     |          |                              |                              | sets insecure permissions for      |
|                      |                     |          |                              |                              | the /var/log/btmp file,...         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2013-4235       |          |                              |                              | shadow-utils: TOCTOU race          |
|                      |                     |          |                              |                              | conditions by copying and          |
|                      |                     |          |                              |                              | removing directory trees           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-7169       |          |                              |                              | shadow-utils: newgidmap            |
|                      |                     |          |                              |                              | allows unprivileged user           |
|                      |                     |          |                              |                              | to drop supplementary              |
|                      |                     |          |                              |                              | groups potentially allowing        |
|                      |                     |          |                              |                              | privilege...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19882      |          |                              |                              | shadow-utils: local users          |
|                      |                     |          |                              |                              | can obtain root access             |
|                      |                     |          |                              |                              | because setuid programs are        |
|                      |                     |          |                              |                              | misconfigured...                   |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0628843-DBAD28 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| mariadb-common       | CVE-2020-15180      | CRITICAL | 1:10.3.22-0+deb10u1          | 1:10.3.25-0+deb10u1          | mariadb: Insufficient SST          |
|                      |                     |          |                              |                              | method name check leading          |
|                      |                     |          |                              |                              | to code injection in               |
|                      |                     |          |                              |                              | mysql-wsrep...                     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-13249      | HIGH     |                              | 1:10.3.23-0+deb10u1          | mariadb-connector-c: Improper      |
|                      |                     |          |                              |                              | validation of content in a OK      |
|                      |                     |          |                              |                              | packet received from server...     |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14765      | MEDIUM   |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14776      |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14789      |          |                              |                              | mysql: Server: FTS unspecified     |
|                      |                     |          |                              |                              | vulnerability (CPU Oct 2020)       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-14812      |          |                              |                              | mysql: Server: Locking             |
|                      |                     |          |                              |                              | unspecified vulnerability (CPU     |
|                      |                     |          |                              |                              | Oct 2020)                          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-2752       |          |                              | 1:10.3.23-0+deb10u1          | mysql: C API unspecified           |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2760       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2812       |          |                              |                              | mysql: Server: Stored              |
|                      |                     |          |                              |                              | Procedure unspecified              |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-2814       |          |                              |                              | mysql: InnoDB unspecified          |
|                      |                     |          |                              |                              | vulnerability (CPU Apr 2020)       |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| openssl              | CVE-2007-6755       | LOW      | 1.1.1d-0+deb10u3             |                              | Dual_EC_DRBG: weak pseudo          |
|                      |                     |          |                              |                              | random number generator            |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2010-0928       |          |                              |                              | openssl: RSA authentication        |
|                      |                     |          |                              |                              | weakness                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-1551       |          |                              |                              | openssl: Integer overflow in       |
|                      |                     |          |                              |                              | RSAZ modular exponentiation on     |
|                      |                     |          |                              |                              | x86_64                             |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| passwd               | CVE-2007-5686       |          | 1:4.5-1.1                    |                              | initscripts in rPath Linux 1       |
|                      |                     |          |                              |                              | sets insecure permissions for      |
|                      |                     |          |                              |                              | the /var/log/btmp file,...         |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2013-4235       |          |                              |                              | shadow-utils: TOCTOU race          |
|                      |                     |          |                              |                              | conditions by copying and          |
|                      |                     |          |                              |                              | removing directory trees           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2018-7169       |          |                              |                              | shadow-utils: newgidmap            |
|                      |                     |          |                              |                              | allows unprivileged user           |
|                      |                     |          |                              |                              | to drop supplementary              |
|                      |                     |          |                              |                              | groups potentially allowing        |
|                      |                     |          |                              |                              | privilege...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-19882      |          |                              |                              | shadow-utils: local users          |
|                      |                     |          |                              |                              | can obtain root access             |
|                      |                     |          |                              |                              | because setuid programs are        |
|                      |                     |          |                              |                              | misconfigured...                   |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0628843-DBAD28 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| perl                 | CVE-2020-10543      | HIGH     | 5.28.1-6                     | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| perl-base            | CVE-2020-10543      | HIGH     |                              | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| perl-modules-5.28    | CVE-2020-10543      | HIGH     |                              | 5.28.1-6+deb10u1             | perl: heap-based buffer            |
|                      |                     |          |                              |                              | overflow in regular expression     |
|                      |                     |          |                              |                              | compiler leads to DoS              |
+                      +---------------------+          +                              +                              +------------------------------------+
|                      | CVE-2020-10878      |          |                              |                              | perl: corruption of                |
|                      |                     |          |                              |                              | intermediate language state        |
|                      |                     |          |                              |                              | of compiled regular expression     |
|                      |                     |          |                              |                              | due to...                          |
+                      +---------------------+          +                              +                              +                                    +
|                      | CVE-2020-12723      |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
|                      |                     |          |                              |                              |                                    |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2011-4116       | LOW      |                              |                              | perl: File::Temp insecure          |
|                      |                     |          |                              |                              | temporary file handling            |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| python3-yaml         | CVE-2017-18342      |          | 3.13-2                       |                              | PyYAML: yaml.load() API could      |
|                      |                     |          |                              |                              | execute arbitrary code             |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| python3.7            | CVE-2020-26116      | HIGH     | 3.7.3-2+deb10u1              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+----------+                              +------------------------------+------------------------------------+
| python3.7-minimal    | CVE-2020-26116      | HIGH     |                              |                              | python: CRLF injection             |
|                      |                     |          |                              |                              | via HTTP request method in         |
|                      |                     |          |                              |                              | httplib/http.client                |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2020-14422      | MEDIUM   |                              | 3.7.3-2+deb10u2              | python: DoS via inefficiency       |
|                      |                     |          |                              |                              | in IPv{4,6}Interface classes       |
+                      +---------------------+----------+                              +------------------------------+------------------------------------+
|                      | CVE-2017-17522      | LOW      |                              |                              | python: Command injection in       |
|                      |                     |          |                              |                              | Lib/webbrowser.py                  |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-18348      |          |                              |                              | python: CRLF injection via the     |
|                      |                     |          |                              |                              | host part of the url passed        |
|                      |                     |          |                              |                              | to...                              |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9674       |          |                              |                              | python: Nested zip file            |
|                      |                     |          |                              |                              | (Zip bomb) vulnerability in        |
|                      |                     |          |                              |                              | Lib/zipfile.py                     |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-27619      |          |                              |                              | python: Python 3 eval of http      |
|                      |                     |          |                              |                              | resources during test suite        |
|                      |                     |          |                              |                              | runs                               |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| slapd                | CVE-2015-3276       |          | 2.4.50+dfsg-1~bpo10+1        |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +                              +------------------------------+------------------------------------+
| slapd-contrib        | CVE-2015-3276       |          |                              |                              | openldap: incorrect                |
|                      |                     |          |                              |                              | multi-keyword mode                 |
|                      |                     |          |                              |                              | cipherstring parsing               |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-14159      |          |                              |                              | openldap: Privilege escalation     |
|                      |                     |          |                              |                              | via PID file manipulation          |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2017-17740      |          |                              |                              | openldap:                          |
|                      |                     |          |                              |                              | contrib/slapd-modules/nops/nops.c  |
|                      |                     |          |                              |                              | attempts to free stack buffer      |
|                      |                     |          |                              |                              | allowing remote attackers to       |
|                      |                     |          |                              |                              | cause...                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2020-15719      |          |                              |                              | openldap: Certificate              |
|                      |                     |          |                              |                              | validation incorrectly matches     |
|                      |                     |          |                              |                              | name against CN-ID                 |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| sysvinit-utils       | TEMP-0517018-A83CE6 |          | 2.93-8                       |                              |                                    |
+----------------------+---------------------+          +------------------------------+------------------------------+------------------------------------+
| tar                  | CVE-2005-2541       |          | 1.30+dfsg-6                  |                              | Tar 1.15.1 does not properly       |
|                      |                     |          |                              |                              | warn the user when extracting      |
|                      |                     |          |                              |                              | setuid or...                       |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | CVE-2019-9923       |          |                              |                              | tar: null-pointer dereference      |
|                      |                     |          |                              |                              | in pax_decode_header in            |
|                      |                     |          |                              |                              | sparse.c                           |
+                      +---------------------+          +                              +------------------------------+------------------------------------+
|                      | TEMP-0290435-0B57B5 |          |                              |                              |                                    |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
maxpeal@static:~$

I can confirm this with Docker v20.10.0 and osixia/openldap:latest.

With Docker 20 you can easily check an image against vulnerabilities with

docker scan osixia/openldap:latest

This results in 150 found vulnerabilities. I find this quite heavy. Other popular images (e.g. php, nginx) have like 5 to 10 vulnerabilities, this image (which handles authentication!) has 150!


List of vulnerabilities

Testing osixia/openldap:latest...

โœ— Low severity vulnerability found in tar
  Description: CVE-2005-2541
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > [email protected]+dfsg-6

โœ— Low severity vulnerability found in tar
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > [email protected]+dfsg-6

โœ— Low severity vulnerability found in systemd/libsystemd0
  Description: Link Following
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— Low severity vulnerability found in systemd/libsystemd0
  Description: CVE-2019-9619
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-342768
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— Low severity vulnerability found in systemd/libsystemd0
  Description: Missing Release of Resource after Effective Lifetime
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— Low severity vulnerability found in systemd/libsystemd0
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-570991
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— Low severity vulnerability found in sqlite3/libsqlite3-0
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-535712
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— Low severity vulnerability found in sqlite3/libsqlite3-0
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-565214
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— Low severity vulnerability found in shadow/passwd
  Description: Time-of-check Time-of-use (TOCTOU)
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
  Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
  From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
  From: shadow/login@1:4.5-1.1
  From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1

โœ— Low severity vulnerability found in shadow/passwd
  Description: Incorrect Permission Assignment for Critical Resource
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
  Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
  From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
  From: shadow/login@1:4.5-1.1
  From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1

โœ— Low severity vulnerability found in shadow/passwd
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
  Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
  From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
  From: shadow/login@1:4.5-1.1
  From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1

โœ— Low severity vulnerability found in shadow/passwd
  Description: Incorrect Permission Assignment for Critical Resource
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
  Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
  From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
  From: shadow/login@1:4.5-1.1
  From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1

โœ— Low severity vulnerability found in pyyaml/python3-yaml
  Description: Deserialization of Untrusted Data
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYYAML-287529
  Introduced through: pyyaml/[email protected]
  From: pyyaml/[email protected]

โœ— Low severity vulnerability found in python3.7/libpython3.7-minimal
  Description: CVE-2020-27619
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1021148
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...

โœ— Low severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Arbitrary Code Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-279198
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...

โœ— Low severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Arbitrary Code Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-474392
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...

โœ— Low severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Resource Exhaustion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-546419
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...

โœ— Low severity vulnerability found in postgresql-11/libpq5
  Description: OS Command Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-342098
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1

โœ— Low severity vulnerability found in perl/perl-base
  Description: Link Following
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
  Introduced through: meta-common-packages@meta, [email protected]
  From: meta-common-packages@meta > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
  and 3 more...

โœ— Low severity vulnerability found in pcre3/libpcre3
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Low severity vulnerability found in pcre3/libpcre3
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Low severity vulnerability found in pcre3/libpcre3
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Low severity vulnerability found in pcre3/libpcre3
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Low severity vulnerability found in pcre3/libpcre3
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Low severity vulnerability found in p11-kit/libp11-kit0
  Description: CVE-2020-29362
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050832
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]

โœ— Low severity vulnerability found in p11-kit/libp11-kit0
  Description: CVE-2020-29363
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050833
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]

โœ— Low severity vulnerability found in openssl/libssl1.1
  Description: Cryptographic Issues
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
  Introduced through: meta-common-packages@meta, [email protected]+deb10u3
  From: meta-common-packages@meta > openssl/[email protected]+deb10u3
  From: [email protected]+deb10u3

โœ— Low severity vulnerability found in openssl/libssl1.1
  Description: Cryptographic Issues
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374996
  Introduced through: meta-common-packages@meta, [email protected]+deb10u3
  From: meta-common-packages@meta > openssl/[email protected]+deb10u3
  From: [email protected]+deb10u3

โœ— Low severity vulnerability found in openssl/libssl1.1
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-536856
  Introduced through: meta-common-packages@meta, [email protected]+deb10u3
  From: meta-common-packages@meta > openssl/[email protected]+deb10u3
  From: [email protected]+deb10u3

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: CVE-2020-25710
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1039832
  Introduced through: gnupg2/[email protected]+deb10u1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  Fixed in: 2.4.47+dfsg-3+deb10u4

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: CVE-2020-25709
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1039835
  Introduced through: gnupg2/[email protected]+deb10u1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  Fixed in: 2.4.47+dfsg-3+deb10u4

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: Improper Initialization
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304601
  Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
  From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
  and 11 more...

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: Cryptographic Issues
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304654
  Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
  From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
  and 11 more...

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304666
  Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
  From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
  and 11 more...

โœ— Low severity vulnerability found in openldap/libldap-common
  Description: Improper Certificate Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-584924
  Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
  From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
  and 11 more...

โœ— Low severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-15180
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1017374
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.25-0+deb10u1

โœ— Low severity vulnerability found in lz4/liblz4-1
  Description: Buffer Overflow
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > apt/[email protected] > lz4/[email protected]
  From: apt/[email protected] > [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u4 > lz4/[email protected]

โœ— Low severity vulnerability found in libxml2/libxml2
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-609787
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3

โœ— Low severity vulnerability found in libtasn1-6
  Description: Resource Management Errors
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > [email protected]

โœ— Low severity vulnerability found in libseccomp/libseccomp2
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > libseccomp/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-452507
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-453113
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-466425
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-534586
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535359
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535364
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libonig/libonig5
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535542
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— Low severity vulnerability found in libgcrypt20
  Description: Use of a Broken or Risky Cryptographic Algorithm
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
  Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
  From: gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  and 7 more...

โœ— Low severity vulnerability found in krb5/libgssrpc4
  Description: CVE-2004-0971
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395883
  Introduced through: krb5/[email protected], meta-common-packages@meta
  From: krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  and 18 more...

โœ— Low severity vulnerability found in krb5/libgssrpc4
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395955
  Introduced through: krb5/[email protected], meta-common-packages@meta
  From: krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  and 18 more...

โœ— Low severity vulnerability found in iptables/libxtables12
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-287323
  Introduced through: [email protected]
  From: [email protected] > iptables/[email protected]

โœ— Low severity vulnerability found in iptables/libxtables12
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-451768
  Introduced through: [email protected]
  From: [email protected] > iptables/[email protected]

โœ— Low severity vulnerability found in gnutls28/libgnutls30
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
  Introduced through: gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, apt/[email protected], cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnutls28/[email protected]+deb10u4
  From: openldap/[email protected]+dfsg-1~bpo10+1 > gnutls28/[email protected]+deb10u4
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4
  and 3 more...

โœ— Low severity vulnerability found in gnupg2/gpgv
  Description: Use of a Broken or Risky Cryptographic Algorithm
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
  Introduced through: gnupg2/[email protected]+deb10u1, apt/[email protected], gnupg2/[email protected]+deb10u1
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1
  From: apt/[email protected] > [email protected] > gnupg2/[email protected]+deb10u1
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1
  and 18 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: CVE-2020-27618
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1035462
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356371
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Resource Management Errors
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356671
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Resource Management Errors
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: CVE-2010-4051
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356875
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Use of Insufficiently Random Values
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-534995
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in glibc/libc-bin
  Description: Integer Underflow
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-564233
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Low severity vulnerability found in expat/libexpat1
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-EXPAT-358079
  Introduced through: python3-defaults/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > expat/[email protected]+deb10u1

โœ— Low severity vulnerability found in coreutils
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
  Introduced through: [email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected]

โœ— Low severity vulnerability found in coreutils
  Description: Race Condition
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
  Introduced through: [email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected]

โœ— Low severity vulnerability found in bash
  Description: Improper Check for Dropped Privileges
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
  Introduced through: [email protected]
  From: [email protected]

โœ— Low severity vulnerability found in apt/libapt-pkg5.0
  Description: Improper Verification of Cryptographic Signature
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-407502
  Introduced through: apt/[email protected], apt/[email protected]
  From: apt/[email protected] > apt/[email protected]
  From: apt/[email protected] > [email protected] > apt/[email protected]
  From: apt/[email protected] > apt/[email protected] > apt/[email protected]
  and 5 more...

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Divide By Zero
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-466337
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537251
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Improper Handling of Exceptional Conditions
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539769
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570318
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570323
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: CVE-2020-13631
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570487
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570498
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— Medium severity vulnerability found in sqlite3/libsqlite3-0
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-574691
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— Medium severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Resource Exhaustion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-543814
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...
  Fixed in: 3.7.3-2+deb10u2

โœ— Medium severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Resource Exhaustion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-572846
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...
  Fixed in: 3.7.3-2+deb10u2

โœ— Medium severity vulnerability found in pcre3/libpcre3
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

โœ— Medium severity vulnerability found in openssl/libssl1.1
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1049098
  Introduced through: meta-common-packages@meta, [email protected]+deb10u3
  From: meta-common-packages@meta > openssl/[email protected]+deb10u3
  From: [email protected]+deb10u3
  Fixed in: 1.1.1d-0+deb10u4

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14776
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040128
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.27-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14789
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040131
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.27-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14765
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040133
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.27-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14812
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040137
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.27-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-2752
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570342
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.23-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-2814
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570354
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.23-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-2812
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570355
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.23-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-2760
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570360
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.23-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14540
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585786
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14539
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585787
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14576
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585788
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14567
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585806
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14550
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585810
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14559
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585811
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14547
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585812
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-14553
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585813
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1

โœ— Medium severity vulnerability found in libxml2/libxml2
  Description: Loop with Unreachable Exit Condition ('Infinite Loop')
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429393
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— Medium severity vulnerability found in libxml2/libxml2
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429526
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— Medium severity vulnerability found in libgcrypt20
  Description: Cryptographic Issues
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-450771
  Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
  From: gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  and 7 more...

โœ— Medium severity vulnerability found in libgcrypt20
  Description: Race Condition
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
  Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
  From: gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
  and 7 more...

โœ— Medium severity vulnerability found in iproute2
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPROUTE2-568742
  Introduced through: [email protected]
  From: [email protected]

โœ— Medium severity vulnerability found in heimdal/libroken18-heimdal
  Description: Improper Authentication
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-HEIMDAL-537202
  Introduced through: openldap/[email protected]+dfsg-1~bpo10+1
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
  and 20 more...

โœ— Medium severity vulnerability found in glibc/libc-bin
  Description: Out-of-Bounds
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559181
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— Medium severity vulnerability found in bind9/libisc1100
  Description: Improper Resource Shutdown or Release
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-572634
  Introduced through: krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  and 11 more...
  Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2

โœ— Medium severity vulnerability found in bind9/libisc1100
  Description: Reachable Assertion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608017
  Introduced through: krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  and 11 more...
  Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2

โœ— Medium severity vulnerability found in bind9/libisc1100
  Description: Improper Privilege Management
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608020
  Introduced through: krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  and 11 more...
  Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2

โœ— Medium severity vulnerability found in apt/libapt-pkg5.0
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-1049974
  Introduced through: apt/[email protected], apt/[email protected]
  From: apt/[email protected] > apt/[email protected]
  From: apt/[email protected] > [email protected] > apt/[email protected]
  From: apt/[email protected] > apt/[email protected] > apt/[email protected]
  and 5 more...
  Fixed in: 1.8.2.2

โœ— High severity vulnerability found in systemd/libsystemd0
  Description: Privilege Chaining
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— High severity vulnerability found in systemd/libsystemd0
  Description: Incorrect Privilege Assignment
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— High severity vulnerability found in systemd/libsystemd0
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-346788
  Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
  From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
  From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
  From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
  and 3 more...

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: CVE-2019-19603
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537598
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: Unrestricted Upload of File with Dangerous Type
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539763
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539773
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: Improper Handling of Exceptional Conditions
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-540471
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: CVE-2019-19959
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-540568
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570494
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...
  Fixed in: 3.27.2-3+deb10u1

โœ— High severity vulnerability found in sqlite3/libsqlite3-0
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570723
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
  From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
  From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
  and 2 more...

โœ— High severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Improper Encoding or Escaping of Output
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1013422
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...

โœ— High severity vulnerability found in python3.7/libpython3.7-minimal
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-584371
  Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
  From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
  and 4 more...
  Fixed in: 3.7.3-2+deb10u2

โœ— High severity vulnerability found in postgresql-11/libpq5
  Description: Use of a Broken or Risky Cryptographic Algorithm
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040143
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1

โœ— High severity vulnerability found in postgresql-11/libpq5
  Description: SQL Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040144
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1

โœ— High severity vulnerability found in postgresql-11/libpq5
  Description: Insufficient Comparison
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040145
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1

โœ— High severity vulnerability found in postgresql-11/libpq5
  Description: SQL Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-598393
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
  Fixed in: 11.9-0+deb10u1

โœ— High severity vulnerability found in postgresql-11/libpq5
  Description: Untrusted Search Path
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-598395
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
  Fixed in: 11.9-0+deb10u1

โœ— High severity vulnerability found in perl/perl-base
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570792
  Introduced through: meta-common-packages@meta, [email protected]
  From: meta-common-packages@meta > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
  and 3 more...
  Fixed in: 5.28.1-6+deb10u1

โœ— High severity vulnerability found in perl/perl-base
  Description: Buffer Overflow
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570797
  Introduced through: meta-common-packages@meta, [email protected]
  From: meta-common-packages@meta > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
  and 3 more...
  Fixed in: 5.28.1-6+deb10u1

โœ— High severity vulnerability found in perl/perl-base
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570802
  Introduced through: meta-common-packages@meta, [email protected]
  From: meta-common-packages@meta > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
  From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
  and 3 more...
  Fixed in: 5.28.1-6+deb10u1

โœ— High severity vulnerability found in p11-kit/libp11-kit0
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050836
  Introduced through: apt/[email protected]
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]

โœ— High severity vulnerability found in openldap/libldap-common
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1035359
  Introduced through: gnupg2/[email protected]+deb10u1
  From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
  Fixed in: 2.4.47+dfsg-3+deb10u3

โœ— High severity vulnerability found in mariadb-10.3/mariadb-common
  Description: CVE-2020-13249
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570301
  Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
  From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
  Fixed in: 1:10.3.23-0+deb10u1

โœ— High severity vulnerability found in libxml2/libxml2
  Description: Loop with Unreachable Exit Condition ('Infinite Loop')
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429486
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3

โœ— High severity vulnerability found in libxml2/libxml2
  Description: XML External Entity (XXE) Injection
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429496
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3

โœ— High severity vulnerability found in libxml2/libxml2
  Description: NULL Pointer Dereference
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429565
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— High severity vulnerability found in libxml2/libxml2
  Description: Missing Release of Resource after Effective Lifetime
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-539775
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— High severity vulnerability found in libxml2/libxml2
  Description: Loop with Unreachable Exit Condition ('Infinite Loop')
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-542927
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— High severity vulnerability found in libxml2/libxml2
  Description: Improper Resource Shutdown or Release
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-542929
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
  Fixed in: 2.9.4+dfsg1-7+deb10u1

โœ— High severity vulnerability found in libonig/libonig5
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-1014607
  Introduced through: jq/[email protected]+dfsg-2+b1
  From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
  From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]

โœ— High severity vulnerability found in libidn2/libidn2-0
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
  Introduced through: apt/[email protected], krb5/[email protected]
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > libidn2/[email protected]+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > libidn2/[email protected]+deb10u1

โœ— High severity vulnerability found in krb5/libgssrpc4
  Description: Uncontrolled Recursion
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-1037638
  Introduced through: krb5/[email protected], meta-common-packages@meta
  From: krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
  and 18 more...
  Fixed in: 1.17-3+deb10u1

โœ— High severity vulnerability found in json-c/libjson-c3
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-JSONC-568809
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > json-c/[email protected]+ds-2
  Fixed in: 0.12.1+ds-2+deb10u1

โœ— High severity vulnerability found in gnutls28/libgnutls30
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-609778
  Introduced through: gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, apt/[email protected], cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected]
  From: gnupg2/[email protected]+deb10u1 > gnutls28/[email protected]+deb10u4
  From: openldap/[email protected]+dfsg-1~bpo10+1 > gnutls28/[email protected]+deb10u4
  From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4
  and 3 more...

โœ— High severity vulnerability found in glibc/libc-bin
  Description: Out-of-bounds Write
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— High severity vulnerability found in glibc/libc-bin
  Description: Use After Free
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559493
  Introduced through: glibc/[email protected], meta-common-packages@meta
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected] > glibc/[email protected]
  From: glibc/[email protected]
  and 1 more...

โœ— High severity vulnerability found in gcc-8/gcc-8-base
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > gcc-8/[email protected]
  From: meta-common-packages@meta > gcc-8/libgcc1@1:8.3.0-6
  From: meta-common-packages@meta > gcc-8/[email protected]

โœ— High severity vulnerability found in gcc-8/gcc-8-base
  Description: Insufficient Entropy
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
  Introduced through: meta-common-packages@meta
  From: meta-common-packages@meta > gcc-8/[email protected]
  From: meta-common-packages@meta > gcc-8/libgcc1@1:8.3.0-6
  From: meta-common-packages@meta > gcc-8/[email protected]

โœ— High severity vulnerability found in bind9/libisc1100
  Description: Improper Privilege Management
  Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608010
  Introduced through: krb5/[email protected]
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
  and 11 more...
  Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2



Organization:      undefined
Package manager:   deb
Project name:      docker-image|osixia/openldap
Docker image:      osixia/openldap:latest
Platform:          linux/amd64

Tested 200 dependencies for known vulnerabilities, found 150 vulnerabilities.

For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

@MaxPeal Can you please pack your vulnerabilities list into a spoiler with the following code? This would make it easier to read a possible discussion :)

````


Title



````

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Shriyanshmit picture Shriyanshmit  ยท  5Comments

taggartgorman picture taggartgorman  ยท  5Comments

jerrac picture jerrac  ยท  4Comments

LeaklessGfy picture LeaklessGfy  ยท  4Comments

gpcimino picture gpcimino  ยท  5Comments