$ docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
osixia/openldap:latest (debian 10.4)
maxpeal@static:~$ docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
2020-11-22T02:54:21.792Z DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2020-11-22T02:54:21.792Z WARN You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-11-22T02:54:21.793Z DEBUG cache dir: /root/.cache/trivy
2020-11-22T02:54:21.793Z DEBUG DB update was skipped because DB is the latest
2020-11-22T02:54:21.793Z DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2020-11-22 00:31:19.958804537 +0000 UTC, NextUpdate: 2020-11-22 12:31:19.958804137 +0000 UTC
2020-11-22T02:54:23.382Z DEBUG Vulnerability type: [os library]
2020-11-22T02:54:23.601Z DEBUG Artifact ID: sha256:e55926b7c37760a8002c4fd597f1693c160fbd3fa70999d6a77b69a0ca355b3f
2020-11-22T02:54:23.601Z DEBUG Blob IDs: [sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74 sha256:03a9c9b54b49ac8fe7a500f1931b4baed25ed90a9376552f5319355268c0be7e sha256:bd056a92c4d64a942ec6dc69e86d3e50ccd71b2cee8f7f2b712f0f35b19ed109 sha256:5aed85da23adbed3149816aeadd210111107c512a4a41dbc745022f8d8dd5cd9 sha256:3a05bc4e8b1dd2b9630151d1459bb927430f50cb9881275eaafb97468b2abaeb sha256:afde22bc61207b0a36aa296355f36a8c5e500a9f6351c8056ff105476e668b0f sha256:a15f15357140962a58f8275dc980a6a16697c848dc68435fe8ce97bd489e8ee5 sha256:44a4bfda918abba4c19c3d4beb5d44db4876e4c7a233e57d5e5c48fa526c20cf sha256:52ae0430fc81e32eba354db8762e2e5d4d027b9eb4cf6c8006c49d2b6ef2a23c]
2020-11-22T02:54:23.605Z INFO Detecting Debian vulnerabilities...
2020-11-22T02:54:23.605Z DEBUG debian: os version: 10
2020-11-22T02:54:23.605Z DEBUG debian: the number of packages: 199
osixia/openldap:latest (debian 10.4)
====================================
Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.1 | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+----------------------+ + + +------------------------------+ +
| apt-transport-https | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| apt-utils | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is |
| | | | | | not equal to its real UID |
| | | | | | the... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0841856-B18BAF | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| bind9-host | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| coreutils | CVE-2016-2781 | LOW | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and |
| | | | | | chgrp |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| dirmngr | CVE-2019-14855 | | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key |
| | | | | | Certification Forgeries with |
| | | | | | SHA-1 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gnupg | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key |
| | | | | | Certification Forgeries with |
| | | | | | SHA-1 |
+----------------------+ + + +------------------------------+ +
| gnupg-l10n | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gnupg-utils | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-agent | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-wks-client | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-wks-server | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgconf | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgsm | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgv | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| iproute2 | CVE-2019-20795 | MEDIUM | 4.20.0-2 | | iproute: use-after-free in |
| | | | | | get_netnsid_from_name in |
| | | | | | ip/ipnetns.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| krb5-kdc | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| krb5-kdc-ldap | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| krb5-user | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| ldap-utils | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libapt-inst2.0 | CVE-2011-3374 | | 1.8.2.1 | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+----------------------+ + + +------------------------------+ +
| libapt-pkg5.0 | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libasn1-8-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libbind9-161 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libc-bin | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libc-l10n | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libc6 | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libdns1104 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libexpat1 | CVE-2013-0340 | LOW | 2.2.6-2+deb10u1 | | expat: internal entity |
| | | | | | expansion |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcrypt20 | CVE-2019-12904 | MEDIUM | 1.8.4-5 | | Libgcrypt: physical addresses |
| | | | | | being available to other |
| | | | | | processes leads to a |
| | | | | | flush-and-reload... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-13627 | | | | libgcrypt: ECDSA timing attack |
| | | | | | allowing private key leak |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal |
| | | | | | implementation doesn't |
| | | | | | have semantic security |
| | | | | | due to incorrectly encoded |
| | | | | | plaintexts... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgnutls30 | CVE-2020-24659 | HIGH | 3.6.7-4+deb10u4 | | gnutls: Heap buffer |
| | | | | | overflow in handshake with |
| | | | | | no_renegotiation alert sent |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-3389 | LOW | | | HTTPS: block-wise |
| | | | | | chosen-plaintext attack |
| | | | | | against SSL/TLS (BEAST) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgssapi-krb5-2 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libgssrpc4 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libhcrypto4-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+ + + +------------------------------+ +
| libhdb9-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| libheimbase1-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| libhx509-5-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
| | | | | | fails to perform the roundtrip |
| | | | | | checks specified in... |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libisc1100 | CVE-2020-8623 | | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+ + +------------------------------------+
| libisccc161 | CVE-2020-8623 | HIGH | | | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+ + +------------------------------------+
| libisccfg163 | CVE-2020-8623 | HIGH | | | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libjson-c3 | CVE-2020-12762 | HIGH | 0.12.1+ds-2 | 0.12.1+ds-2+deb10u1 | json-c: integer overflow and |
| | | | | | out-of-bounds write via a |
| | | | | | large JSON file |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libk5crypto3 | CVE-2020-28196 | | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkadm5clnt-mit11 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkadm5srv-mit11 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkadm5srv8-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkdb5-9 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-26-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-3 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkrb5support0 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libldap-common | CVE-2020-25692 | HIGH | 2.4.47+dfsg-3+deb10u2 | 2.4.47+dfsg-3+deb10u3 | openldap: NULL pointer |
| | | | | | dereference for |
| | | | | | unauthenticated packet in |
| | | | | | slapd |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25709 | | | 2.4.47+dfsg-3+deb10u4 | openldap: assertion failure |
| | | | | | in Certificate List syntax |
| | | | | | validation |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-25710 | | | | openldap: assertion failure in |
| | | | | | CSN normalization with invalid |
| | | | | | input |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2015-3276 | LOW | | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblwres161 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblz4-1 | CVE-2019-17543 | LOW | 1.8.3-1 | | lz4: heap-based buffer |
| | | | | | overflow in LZ4_write32 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libmariadb3 | CVE-2020-15180 | CRITICAL | 1:10.3.22-0+deb10u1 | 1:10.3.25-0+deb10u1 | mariadb: Insufficient SST |
| | | | | | method name check leading |
| | | | | | to code injection in |
| | | | | | mysql-wsrep... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-13249 | HIGH | | 1:10.3.23-0+deb10u1 | mariadb-connector-c: Improper |
| | | | | | validation of content in a OK |
| | | | | | packet received from server... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14765 | MEDIUM | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14776 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14789 | | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14812 | | | | mysql: Server: Locking |
| | | | | | unspecified vulnerability (CPU |
| | | | | | Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-2752 | | | 1:10.3.23-0+deb10u1 | mysql: C API unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2760 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2812 | | | | mysql: Server: Stored |
| | | | | | Procedure unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2814 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libonig5 | CVE-2020-26159 | HIGH | 6.9.1-1 | | oniguruma: Buffer overflow |
| | | | | | in concat_opt_exact_str could |
| | | | | | result in DoS |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-13224 | LOW | | | oniguruma: Use-after-free in |
| | | | | | onig_new_deluxe() in regext.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-13225 | | | | oniguruma: NULL pointer |
| | | | | | dereference in match_at() in |
| | | | | | regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-16163 | | | | oniguruma: Stack exhaustion in |
| | | | | | regcomp.c because of recursion |
| | | | | | in regparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19012 | | | | oniguruma: integer overflow |
| | | | | | in search_in_range function |
| | | | | | in regexec.c leads to |
| | | | | | out-of-bounds read... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19203 | | | | oniguruma: Heap-based |
| | | | | | buffer over-read in function |
| | | | | | gb18030_mbc_enc_len in file |
| | | | | | gb18030.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19204 | | | | oniguruma: Heap-based |
| | | | | | buffer over-read in function |
| | | | | | fetch_interval_quantifier in |
| | | | | | regparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19246 | | | | oniguruma: Heap-based |
| | | | | | buffer overflow in |
| | | | | | str_lower_case_match in |
| | | | | | regexec.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: integer overflow in |
| | | | | | libpcre |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature |
| | | | | | in the match function in |
| | | | | | pcre_exec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-16231 | | | | pcre: self-recursive call in |
| | | | | | match() in pcre_exec.c leads |
| | | | | | to denial of service... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based |
| | | | | | buffer overflow write in |
| | | | | | pcre32_copy_substring |
+ +---------------------+ + +------------------------------+ +
| | CVE-2017-7246 | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20838 | | | | pcre: buffer over-read in JIT |
| | | | | | when UTF is disabled |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libperl5.28 | CVE-2020-10543 | HIGH | 5.28.1-6 | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpq5 | CVE-2020-14349 | HIGH | 11.7-0+deb10u1 | 11.9-0+deb10u1 | postgresql: Uncontrolled |
| | | | | | search path element in logical |
| | | | | | replication |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-14350 | | | | postgresql: Uncontrolled |
| | | | | | search path element in CREATE |
| | | | | | EXTENSION |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25694 | | | | postgresql: Reconnection can |
| | | | | | downgrade connection security |
| | | | | | settings |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25695 | | | | postgresql: Multiple features |
| | | | | | escape "security restricted |
| | | | | | operation" sandbox |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25696 | | | | postgresql: psql's \gset |
| | | | | | allows overwriting specially |
| | | | | | treated variables |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-9193 | LOW | | | postgresql: Command injection |
| | | | | | via "COPY TO/FROM PROGRAM" |
| | | | | | function |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpython3.7-minimal | CVE-2020-26116 | HIGH | 3.7.3-2+deb10u1 | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libpython3.7-stdlib | CVE-2020-26116 | HIGH | | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libroken18-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | libseccomp: incorrect |
| | | | | | generation of syscall filters |
| | | | | | in libseccomp |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3 | | sqlite: mishandles certain |
| | | | | | SELECT statements with a |
| | | | | | nonexistent VIEW, leading to |
| | | | | | DoS... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19923 | | | | sqlite: mishandling of certain |
| | | | | | uses of SELECT DISTINCT |
| | | | | | involving a LEFT JOIN... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19925 | | | | sqlite: zipfileUpdate in |
| | | | | | ext/misc/zipfile.c mishandles |
| | | | | | a NULL pathname during an |
| | | | | | update of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19959 | | | | sqlite: mishandles certain |
| | | | | | uses of INSERT INTO in |
| | | | | | situations involving embedded |
| | | | | | '\0'... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20218 | | | | sqlite: selectExpander in |
| | | | | | select.c proceeds with WITH |
| | | | | | stack unwinding even after |
| | | | | | a... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13630 | | | | sqlite: Use-after-free |
| | | | | | in fts3EvalNextRow in |
| | | | | | ext/fts3/fts3.c |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-16168 | MEDIUM | | | sqlite: Division by zero in |
| | | | | | whereLoopAddBtreeIndex in |
| | | | | | sqlite3.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19645 | | | | sqlite: infinite recursion |
| | | | | | via certain types of |
| | | | | | self-referential views in |
| | | | | | conjunction with... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19924 | | | | sqlite: incorrect |
| | | | | | sqlite3WindowRewrite() error |
| | | | | | handling leads to mishandling |
| | | | | | certain parser-tree rewriting |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13434 | | | | sqlite: integer overflow in |
| | | | | | sqlite3_str_vappendf function |
| | | | | | in printf.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13435 | | | | sqlite: NULL pointer |
| | | | | | dereference leads to |
| | | | | | segmentation fault in |
| | | | | | sqlite3ExprCodeTarget in |
| | | | | | expr.c... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13631 | | | | sqlite: Virtual table can be |
| | | | | | renamed into the name of one |
| | | | | | of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13632 | | | | sqlite: NULL pointer |
| | | | | | dereference in |
| | | | | | ext/fts3/fts3_snippet.c via a |
| | | | | | crafted matchinfo() query |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15358 | | | | sqlite: heap-based |
| | | | | | buffer overflow in |
| | | | | | multiSelectOrderBy due to |
| | | | | | mishandling of query-flattener |
| | | | | | optimization... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-19244 | LOW | | | sqlite: allows a crash if a |
| | | | | | sub-select uses both DISTINCT |
| | | | | | and window... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-11656 | | | | sqlite: use-after-free in the |
| | | | | | ALTER TABLE implementation |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u3 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u4 | | systemd: services with |
| | | | | | DynamicUser can create |
| | | | | | SUID/SGID binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with |
| | | | | | DynamicUser can get new |
| | | | | | privileges and create SGID |
| | | | | | binaries... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak |
| | | | | | in button_open() in |
| | | | | | login/logind-button.c when |
| | | | | | udev events are received... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13776 | | | | systemd: mishandles numerical |
| | | | | | usernames beginning with |
| | | | | | decimal digits or 0x followed |
| | | | | | by... |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u4 | | systemd: services with |
| | | | | | DynamicUser can create |
| | | | | | SUID/SGID binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with |
| | | | | | DynamicUser can get new |
| | | | | | privileges and create SGID |
| | | | | | binaries... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak |
| | | | | | in button_open() in |
| | | | | | login/logind-button.c when |
| | | | | | udev events are received... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13776 | | | | systemd: mishandles numerical |
| | | | | | usernames beginning with |
| | | | | | decimal digits or 0x followed |
| | | | | | by... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libwind0-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libxml2 | CVE-2016-9318 | HIGH | 2.9.4+dfsg1-7 | | libxml2: XML External Entity |
| | | | | | vulnerability |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-16932 | | | | libxml2: Infinite recursion in |
| | | | | | parameter entities |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19956 | | | | libxml2: memory leak in |
| | | | | | xmlParseBalancedChunkMemoryRecover |
| | | | | | in parser.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20388 | | | | libxml2: memory leak |
| | | | | | in xmlSchemaPreRun in |
| | | | | | xmlschemas.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-7595 | | | | libxml2: infinite loop in |
| | | | | | xmlStringLenDecodeEntities in |
| | | | | | some end-of-file situations |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2018-14567 | MEDIUM | | | libxml2: Infinite loop caused |
| | | | | | by incorrect error detection |
| | | | | | during LZMA decompression |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-18258 | LOW | | | libxml2: Unrestricted memory |
| | | | | | usage in xz_head() function in |
| | | | | | xzlib.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-14404 | | | | libxml2: NULL pointer |
| | | | | | dereference in |
| | | | | | xmlXPathCompOpEval() function |
| | | | | | in xpath.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-24977 | | | | libxml2: Buffer Overflow |
| | | | | | vulnerability in |
| | | | | | xmlEncodeEntitiesInternal at |
| | | | | | libxml2/entities.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libxtables12 | CVE-2012-2663 | | 1.8.2-4 | | iptables: --syn flag bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-11360 | | | | A buffer overflow in |
| | | | | | iptables-restore in netfilter |
| | | | | | iptables 1.8.2 allows an |
| | | | | | attacker... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| locales | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user |
| | | | | | to drop supplementary |
| | | | | | groups potentially allowing |
| | | | | | privilege... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users |
| | | | | | can obtain root access |
| | | | | | because setuid programs are |
| | | | | | misconfigured... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0628843-DBAD28 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| mariadb-common | CVE-2020-15180 | CRITICAL | 1:10.3.22-0+deb10u1 | 1:10.3.25-0+deb10u1 | mariadb: Insufficient SST |
| | | | | | method name check leading |
| | | | | | to code injection in |
| | | | | | mysql-wsrep... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-13249 | HIGH | | 1:10.3.23-0+deb10u1 | mariadb-connector-c: Improper |
| | | | | | validation of content in a OK |
| | | | | | packet received from server... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14765 | MEDIUM | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14776 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14789 | | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14812 | | | | mysql: Server: Locking |
| | | | | | unspecified vulnerability (CPU |
| | | | | | Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-2752 | | | 1:10.3.23-0+deb10u1 | mysql: C API unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2760 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2812 | | | | mysql: Server: Stored |
| | | | | | Procedure unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2814 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| openssl | CVE-2007-6755 | LOW | 1.1.1d-0+deb10u3 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user |
| | | | | | to drop supplementary |
| | | | | | groups potentially allowing |
| | | | | | privilege... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users |
| | | | | | can obtain root access |
| | | | | | because setuid programs are |
| | | | | | misconfigured... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0628843-DBAD28 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| perl | CVE-2020-10543 | HIGH | 5.28.1-6 | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| perl-base | CVE-2020-10543 | HIGH | | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| perl-modules-5.28 | CVE-2020-10543 | HIGH | | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| python3-yaml | CVE-2017-18342 | | 3.13-2 | | PyYAML: yaml.load() API could |
| | | | | | execute arbitrary code |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| python3.7 | CVE-2020-26116 | HIGH | 3.7.3-2+deb10u1 | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| python3.7-minimal | CVE-2020-26116 | HIGH | | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| slapd | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ + +------------------------------+------------------------------------+
| slapd-contrib | CVE-2015-3276 | | | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| sysvinit-utils | TEMP-0517018-A83CE6 | | 2.93-8 | | |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | Tar 1.15.1 does not properly |
| | | | | | warn the user when extracting |
| | | | | | setuid or... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in |
| | | | | | sparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0290435-0B57B5 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
maxpeal@static:~$
I can confirm this with Docker v20.10.0 and osixia/openldap:latest.
With Docker 20 you can easily check an image against vulnerabilities with
docker scan osixia/openldap:latest
This results in 150 found vulnerabilities. I find this quite heavy. Other popular images (e.g. php, nginx) have like 5 to 10 vulnerabilities, this image (which handles authentication!) has 150!
List of vulnerabilities
Testing osixia/openldap:latest...
โ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]+dfsg-6
โ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]+dfsg-6
โ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ Low severity vulnerability found in systemd/libsystemd0
Description: CVE-2019-9619
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-342768
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-570991
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-535712
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-565214
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1
โ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1
โ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1
โ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: apt/[email protected], shadow/login@1:4.5-1.1, util-linux/[email protected]
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
From: util-linux/[email protected] > [email protected] > shadow/login@1:4.5-1.1
โ Low severity vulnerability found in pyyaml/python3-yaml
Description: Deserialization of Untrusted Data
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYYAML-287529
Introduced through: pyyaml/[email protected]
From: pyyaml/[email protected]
โ Low severity vulnerability found in python3.7/libpython3.7-minimal
Description: CVE-2020-27619
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1021148
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
โ Low severity vulnerability found in python3.7/libpython3.7-minimal
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-279198
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
โ Low severity vulnerability found in python3.7/libpython3.7-minimal
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-474392
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
โ Low severity vulnerability found in python3.7/libpython3.7-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-546419
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
โ Low severity vulnerability found in postgresql-11/libpq5
Description: OS Command Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-342098
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
โ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta, [email protected]
From: meta-common-packages@meta > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
and 3 more...
โ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Low severity vulnerability found in p11-kit/libp11-kit0
Description: CVE-2020-29362
Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050832
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]
โ Low severity vulnerability found in p11-kit/libp11-kit0
Description: CVE-2020-29363
Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050833
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]
โ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
Introduced through: meta-common-packages@meta, [email protected]+deb10u3
From: meta-common-packages@meta > openssl/[email protected]+deb10u3
From: [email protected]+deb10u3
โ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374996
Introduced through: meta-common-packages@meta, [email protected]+deb10u3
From: meta-common-packages@meta > openssl/[email protected]+deb10u3
From: [email protected]+deb10u3
โ Low severity vulnerability found in openssl/libssl1.1
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-536856
Introduced through: meta-common-packages@meta, [email protected]+deb10u3
From: meta-common-packages@meta > openssl/[email protected]+deb10u3
From: [email protected]+deb10u3
โ Low severity vulnerability found in openldap/libldap-common
Description: CVE-2020-25710
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1039832
Introduced through: gnupg2/[email protected]+deb10u1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
Fixed in: 2.4.47+dfsg-3+deb10u4
โ Low severity vulnerability found in openldap/libldap-common
Description: CVE-2020-25709
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1039835
Introduced through: gnupg2/[email protected]+deb10u1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
Fixed in: 2.4.47+dfsg-3+deb10u4
โ Low severity vulnerability found in openldap/libldap-common
Description: Improper Initialization
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304601
Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
and 11 more...
โ Low severity vulnerability found in openldap/libldap-common
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304654
Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
and 11 more...
โ Low severity vulnerability found in openldap/libldap-common
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304666
Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
and 11 more...
โ Low severity vulnerability found in openldap/libldap-common
Description: Improper Certificate Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-584924
Introduced through: gnupg2/[email protected]+deb10u1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, krb5/[email protected], openldap/[email protected]+dfsg-1~bpo10+1, openldap/[email protected]+dfsg-1~bpo10+1, cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected], openldap/[email protected]+dfsg-1~bpo10+1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1
From: krb5/[email protected] > openldap/[email protected]+dfsg-1~bpo10+1
and 11 more...
โ Low severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-15180
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1017374
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.25-0+deb10u1
โ Low severity vulnerability found in lz4/liblz4-1
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > apt/[email protected] > lz4/[email protected]
From: apt/[email protected] > [email protected] > apt/[email protected] > systemd/libsystemd0@241-7~deb10u4 > lz4/[email protected]
โ Low severity vulnerability found in libxml2/libxml2
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-609787
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
โ Low severity vulnerability found in libtasn1-6
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > [email protected]
โ Low severity vulnerability found in libseccomp/libseccomp2
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > libseccomp/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-452507
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-453113
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-466425
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-534586
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535359
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535364
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libonig/libonig5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-535542
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
From: gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
and 7 more...
โ Low severity vulnerability found in krb5/libgssrpc4
Description: CVE-2004-0971
Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395883
Introduced through: krb5/[email protected], meta-common-packages@meta
From: krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
and 18 more...
โ Low severity vulnerability found in krb5/libgssrpc4
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395955
Introduced through: krb5/[email protected], meta-common-packages@meta
From: krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
and 18 more...
โ Low severity vulnerability found in iptables/libxtables12
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-287323
Introduced through: [email protected]
From: [email protected] > iptables/[email protected]
โ Low severity vulnerability found in iptables/libxtables12
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-451768
Introduced through: [email protected]
From: [email protected] > iptables/[email protected]
โ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, apt/[email protected], cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected]
From: gnupg2/[email protected]+deb10u1 > gnutls28/[email protected]+deb10u4
From: openldap/[email protected]+dfsg-1~bpo10+1 > gnutls28/[email protected]+deb10u4
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4
and 3 more...
โ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/[email protected]+deb10u1, apt/[email protected], gnupg2/[email protected]+deb10u1
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1
From: apt/[email protected] > [email protected] > gnupg2/[email protected]+deb10u1
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1
and 18 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2020-27618
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1035462
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356371
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356671
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2010-4051
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356875
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-534995
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in glibc/libc-bin
Description: Integer Underflow
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-564233
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Low severity vulnerability found in expat/libexpat1
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-EXPAT-358079
Introduced through: python3-defaults/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > expat/[email protected]+deb10u1
โ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: [email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected]
โ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: [email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected]
โ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: [email protected]
From: [email protected]
โ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/[email protected], apt/[email protected]
From: apt/[email protected] > apt/[email protected]
From: apt/[email protected] > [email protected] > apt/[email protected]
From: apt/[email protected] > apt/[email protected] > apt/[email protected]
and 5 more...
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-466337
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537251
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Improper Handling of Exceptional Conditions
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539769
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570318
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570323
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: CVE-2020-13631
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570487
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570498
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-574691
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ Medium severity vulnerability found in python3.7/libpython3.7-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-543814
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
Fixed in: 3.7.3-2+deb10u2
โ Medium severity vulnerability found in python3.7/libpython3.7-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-572846
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
Fixed in: 3.7.3-2+deb10u2
โ Medium severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
โ Medium severity vulnerability found in openssl/libssl1.1
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1049098
Introduced through: meta-common-packages@meta, [email protected]+deb10u3
From: meta-common-packages@meta > openssl/[email protected]+deb10u3
From: [email protected]+deb10u3
Fixed in: 1.1.1d-0+deb10u4
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14776
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040128
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.27-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14789
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040131
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.27-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14765
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040133
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.27-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14812
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-1040137
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.27-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-2752
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570342
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.23-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-2814
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570354
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.23-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-2812
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570355
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.23-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-2760
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570360
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.23-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14540
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585786
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14539
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585787
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14576
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585788
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14567
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585806
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14550
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585810
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14559
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585811
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14547
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585812
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-14553
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-585813
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
โ Medium severity vulnerability found in libxml2/libxml2
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429393
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ Medium severity vulnerability found in libxml2/libxml2
Description: Allocation of Resources Without Limits or Throttling
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429526
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ Medium severity vulnerability found in libgcrypt20
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-450771
Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
From: gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
and 7 more...
โ Medium severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: gnupg2/[email protected]+deb10u1, gnupg2/[email protected]+deb10u1, apt/[email protected]
From: gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > [email protected]
and 7 more...
โ Medium severity vulnerability found in iproute2
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPROUTE2-568742
Introduced through: [email protected]
From: [email protected]
โ Medium severity vulnerability found in heimdal/libroken18-heimdal
Description: Improper Authentication
Info: https://snyk.io/vuln/SNYK-DEBIAN10-HEIMDAL-537202
Introduced through: openldap/[email protected]+dfsg-1~bpo10+1
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3
and 20 more...
โ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559181
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ Medium severity vulnerability found in bind9/libisc1100
Description: Improper Resource Shutdown or Release
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-572634
Introduced through: krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
and 11 more...
Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2
โ Medium severity vulnerability found in bind9/libisc1100
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608017
Introduced through: krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
and 11 more...
Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2
โ Medium severity vulnerability found in bind9/libisc1100
Description: Improper Privilege Management
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608020
Introduced through: krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
and 11 more...
Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2
โ Medium severity vulnerability found in apt/libapt-pkg5.0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-1049974
Introduced through: apt/[email protected], apt/[email protected]
From: apt/[email protected] > apt/[email protected]
From: apt/[email protected] > [email protected] > apt/[email protected]
From: apt/[email protected] > apt/[email protected] > apt/[email protected]
and 5 more...
Fixed in: 1.8.2.2
โ High severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ High severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ High severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-346788
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, procps@2:3.3.15-2, util-linux/[email protected], apt/[email protected]
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u4
From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u4
From: util-linux/[email protected] > [email protected] > systemd/libsystemd0@241-7~deb10u4
and 3 more...
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: CVE-2019-19603
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537598
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: Unrestricted Upload of File with Dangerous Type
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539763
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539773
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: Improper Handling of Exceptional Conditions
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-540471
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: CVE-2019-19959
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-540568
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570494
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
Fixed in: 3.27.2-3+deb10u1
โ High severity vulnerability found in sqlite3/libsqlite3-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570723
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1, gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, pyyaml/[email protected]
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > sqlite3/[email protected]
From: gnupg2/[email protected]+deb10u1 > gnupg2/[email protected]+deb10u1 > sqlite3/[email protected]
From: openldap/[email protected]+dfsg-1~bpo10+1 > heimdal/[email protected]+dfsg-3 > heimdal/[email protected]+dfsg-3 > sqlite3/[email protected]
and 2 more...
โ High severity vulnerability found in python3.7/libpython3.7-minimal
Description: Improper Encoding or Escaping of Output
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-1013422
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
โ High severity vulnerability found in python3.7/libpython3.7-minimal
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON37-584371
Introduced through: python3-defaults/[email protected], pyyaml/[email protected]
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: pyyaml/[email protected] > python3-defaults/[email protected] > [email protected]+deb10u1 > python3.7/[email protected]+deb10u1 > python3.7/[email protected]+deb10u1
From: python3-defaults/[email protected] > python3.7/[email protected]+deb10u1
and 4 more...
Fixed in: 3.7.3-2+deb10u2
โ High severity vulnerability found in postgresql-11/libpq5
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040143
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
โ High severity vulnerability found in postgresql-11/libpq5
Description: SQL Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040144
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
โ High severity vulnerability found in postgresql-11/libpq5
Description: Insufficient Comparison
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-1040145
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
โ High severity vulnerability found in postgresql-11/libpq5
Description: SQL Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-598393
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
Fixed in: 11.9-0+deb10u1
โ High severity vulnerability found in postgresql-11/libpq5
Description: Untrusted Search Path
Info: https://snyk.io/vuln/SNYK-DEBIAN10-POSTGRESQL11-598395
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > postgresql-11/[email protected]+deb10u1
Fixed in: 11.9-0+deb10u1
โ High severity vulnerability found in perl/perl-base
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570792
Introduced through: meta-common-packages@meta, [email protected]
From: meta-common-packages@meta > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
and 3 more...
Fixed in: 5.28.1-6+deb10u1
โ High severity vulnerability found in perl/perl-base
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570797
Introduced through: meta-common-packages@meta, [email protected]
From: meta-common-packages@meta > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
and 3 more...
Fixed in: 5.28.1-6+deb10u1
โ High severity vulnerability found in perl/perl-base
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-570802
Introduced through: meta-common-packages@meta, [email protected]
From: meta-common-packages@meta > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > perl/[email protected]
From: [email protected] > openldap/[email protected]+dfsg-1~bpo10+1 > [email protected] > perl/[email protected]
and 3 more...
Fixed in: 5.28.1-6+deb10u1
โ High severity vulnerability found in p11-kit/libp11-kit0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050836
Introduced through: apt/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > p11-kit/[email protected]
โ High severity vulnerability found in openldap/libldap-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1035359
Introduced through: gnupg2/[email protected]+deb10u1
From: gnupg2/[email protected]+deb10u1 > openldap/[email protected]+dfsg-1~bpo10+1 > openldap/[email protected]+dfsg-3+deb10u2
Fixed in: 2.4.47+dfsg-3+deb10u3
โ High severity vulnerability found in mariadb-10.3/mariadb-common
Description: CVE-2020-13249
Info: https://snyk.io/vuln/SNYK-DEBIAN10-MARIADB103-570301
Introduced through: cyrus-sasl2/[email protected]+dfsg-1+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1 > mariadb-10.3/mariadb-common@1:10.3.22-0+deb10u1
From: cyrus-sasl2/[email protected]+dfsg-1+deb10u1 > mariadb-10.3/libmariadb3@1:10.3.22-0+deb10u1
Fixed in: 1:10.3.23-0+deb10u1
โ High severity vulnerability found in libxml2/libxml2
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429486
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
โ High severity vulnerability found in libxml2/libxml2
Description: XML External Entity (XXE) Injection
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429496
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
โ High severity vulnerability found in libxml2/libxml2
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-429565
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ High severity vulnerability found in libxml2/libxml2
Description: Missing Release of Resource after Effective Lifetime
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-539775
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ High severity vulnerability found in libxml2/libxml2
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-542927
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ High severity vulnerability found in libxml2/libxml2
Description: Improper Resource Shutdown or Release
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBXML2-542929
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libxml2/[email protected]+dfsg1-7+b3
Fixed in: 2.9.4+dfsg1-7+deb10u1
โ High severity vulnerability found in libonig/libonig5
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBONIG-1014607
Introduced through: jq/[email protected]+dfsg-2+b1
From: jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
From: jq/[email protected]+dfsg-2+b1 > jq/[email protected]+dfsg-2+b1 > libonig/[email protected]
โ High severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: apt/[email protected], krb5/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4 > libidn2/[email protected]+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > libidn2/[email protected]+deb10u1
โ High severity vulnerability found in krb5/libgssrpc4
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-1037638
Introduced through: krb5/[email protected], meta-common-packages@meta
From: krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > krb5/[email protected]
and 18 more...
Fixed in: 1.17-3+deb10u1
โ High severity vulnerability found in json-c/libjson-c3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-JSONC-568809
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > json-c/[email protected]+ds-2
Fixed in: 0.12.1+ds-2+deb10u1
โ High severity vulnerability found in gnutls28/libgnutls30
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-609778
Introduced through: gnupg2/[email protected]+deb10u1, openldap/[email protected]+dfsg-1~bpo10+1, apt/[email protected], cyrus-sasl2/[email protected]+dfsg-1+deb10u1, [email protected]
From: gnupg2/[email protected]+deb10u1 > gnutls28/[email protected]+deb10u4
From: openldap/[email protected]+dfsg-1~bpo10+1 > gnutls28/[email protected]+deb10u4
From: apt/[email protected] > [email protected] > gnutls28/[email protected]+deb10u4
and 3 more...
โ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ High severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559493
Introduced through: glibc/[email protected], meta-common-packages@meta
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected] > glibc/[email protected]
From: glibc/[email protected]
and 1 more...
โ High severity vulnerability found in gcc-8/gcc-8-base
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > gcc-8/[email protected]
From: meta-common-packages@meta > gcc-8/libgcc1@1:8.3.0-6
From: meta-common-packages@meta > gcc-8/[email protected]
โ High severity vulnerability found in gcc-8/gcc-8-base
Description: Insufficient Entropy
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > gcc-8/[email protected]
From: meta-common-packages@meta > gcc-8/libgcc1@1:8.3.0-6
From: meta-common-packages@meta > gcc-8/[email protected]
โ High severity vulnerability found in bind9/libisc1100
Description: Improper Privilege Management
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BIND9-608010
Introduced through: krb5/[email protected]
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
From: krb5/[email protected] > krb5/[email protected] > kerberos-configs/[email protected] > bind9/bind9-host@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libbind9-161@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libdns1104@1:9.11.5.P4+dfsg-5.1+deb10u1 > bind9/libisc1100@1:9.11.5.P4+dfsg-5.1+deb10u1
and 11 more...
Fixed in: 1:9.11.5.P4+dfsg-5.1+deb10u2
Organization: undefined
Package manager: deb
Project name: docker-image|osixia/openldap
Docker image: osixia/openldap:latest
Platform: linux/amd64
Tested 200 dependencies for known vulnerabilities, found 150 vulnerabilities.
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
@MaxPeal Can you please pack your vulnerabilities list into a spoiler with the following code? This would make it easier to read a possible discussion :)
````
Title
````
Most helpful comment