trivy/integration/testdata/centos-7.json.golden
Teppei Fukuda aca31dffb3 detector: Add LayerID to detect vulns (#419)
* detector/alpine: Add LayerID to detect vulns

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Add LayerID to DetectedVulns

Signed-off-by: Simarpreet Singh <simar@linux.com>

* debian: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* oracle: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* photon: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* redhat: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* suse: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* ubuntu: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Fix integration tests to include LayerID

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix(rpc): add layer_id

* fix(rpc): insert layer_id to the struct

* fix(extractor): add cleanup function

* fix(library): add layer ID to detected vulnerabilities

* test: update mocks

* chore(mod): point to the feature branch of fanal

* mod: Point to fanal/master

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Include LayerID as part of the assertion

Signed-off-by: Simarpreet Singh <simar@linux.com>

* docker_engine_test.go: Update an error message to conform with fanal/master.

Signed-off-by: Simarpreet Singh <simar@linux.com>

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2020-03-04 19:55:16 +02:00

12620 lines
819 KiB

[
{
"Target": "testdata/fixtures/centos-7.tar.gz (centos 7.6.1810)",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2015-5186",
"PkgName": "audit-libs",
"InstalledVersion": "2.8.4-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Audit: log terminal emulator escape sequences handling",
"Description": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/08/13/9",
"http://www.securityfocus.com/bid/76840",
"https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186",
"https://people.redhat.com/sgrubb/audit/ChangeLog"
]
},
{
"VulnerabilityID": "CVE-2014-6277",
"PkgName": "bash",
"InstalledVersion": "4.2.46-31.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bash: uninitialized here document closing delimiter pointer use",
"Description": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.",
"Severity": "CRITICAL",
"References": [
"http://jvn.jp/en/jp/JVN55667175/index.html",
"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126",
"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html",
"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html",
"http://linux.oracle.com/errata/ELSA-2014-3093",
"http://linux.oracle.com/errata/ELSA-2014-3094",
"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html",
"http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142289270617409\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2",
"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html",
"http://secunia.com/advisories/58200",
"http://secunia.com/advisories/59907",
"http://secunia.com/advisories/59961",
"http://secunia.com/advisories/60024",
"http://secunia.com/advisories/60034",
"http://secunia.com/advisories/60044",
"http://secunia.com/advisories/60055",
"http://secunia.com/advisories/60063",
"http://secunia.com/advisories/60193",
"http://secunia.com/advisories/60325",
"http://secunia.com/advisories/60433",
"http://secunia.com/advisories/61065",
"http://secunia.com/advisories/61128",
"http://secunia.com/advisories/61129",
"http://secunia.com/advisories/61283",
"http://secunia.com/advisories/61287",
"http://secunia.com/advisories/61291",
"http://secunia.com/advisories/61312",
"http://secunia.com/advisories/61313",
"http://secunia.com/advisories/61328",
"http://secunia.com/advisories/61442",
"http://secunia.com/advisories/61471",
"http://secunia.com/advisories/61485",
"http://secunia.com/advisories/61503",
"http://secunia.com/advisories/61550",
"http://secunia.com/advisories/61552",
"http://secunia.com/advisories/61565",
"http://secunia.com/advisories/61603",
"http://secunia.com/advisories/61633",
"http://secunia.com/advisories/61641",
"http://secunia.com/advisories/61643",
"http://secunia.com/advisories/61654",
"http://secunia.com/advisories/61703",
"http://secunia.com/advisories/61780",
"http://secunia.com/advisories/61816",
"http://secunia.com/advisories/61857",
"http://secunia.com/advisories/62312",
"http://secunia.com/advisories/62343",
"http://support.apple.com/HT204244",
"http://support.novell.com/security/cve/CVE-2014-6277.html",
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685541",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685604",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685733",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685749",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685914",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686131",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686246",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686445",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686479",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686494",
"http://www-01.ibm.com/support/docview.wss?uid=swg21687079",
"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164",
"http://www.novell.com/support/kb/doc.php?id=7015721",
"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html",
"http://www.qnap.com/i/en/support/con_show.php?cid=61",
"http://www.ubuntu.com/usn/USN-2380-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0010.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277",
"https://kb.bluecoat.com/index?page=content\u0026id=SA82",
"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10648",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10085",
"https://support.apple.com/HT205267",
"https://support.citrix.com/article/CTX200217",
"https://support.citrix.com/article/CTX200223",
"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04497075",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04518183",
"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityAlerts",
"https://www.suse.com/support/shellshock/"
]
},
{
"VulnerabilityID": "CVE-2014-6278",
"PkgName": "bash",
"InstalledVersion": "4.2.46-31.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bash: incorrect parsing of function definitions with nested command substitutions",
"Description": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.",
"Severity": "CRITICAL",
"References": [
"http://jvn.jp/en/jp/JVN55667175/index.html",
"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126",
"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html",
"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html",
"http://linux.oracle.com/errata/ELSA-2014-3093",
"http://linux.oracle.com/errata/ELSA-2014-3094",
"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html",
"http://marc.info/?l=bugtraq\u0026m=141330468527613\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141345648114150\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383026420882\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383081521087\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383196021590\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383244821813\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383304022067\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383353622268\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141450491804793\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141576728022234\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577137423233\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577241923505\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141577297623641\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141585637922673\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=141879528318582\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142358026505815\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142358078406056\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=142721162228379\u0026w=2",
"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html",
"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html",
"http://secunia.com/advisories/58200",
"http://secunia.com/advisories/59907",
"http://secunia.com/advisories/59961",
"http://secunia.com/advisories/60024",
"http://secunia.com/advisories/60034",
"http://secunia.com/advisories/60044",
"http://secunia.com/advisories/60055",
"http://secunia.com/advisories/60063",
"http://secunia.com/advisories/60193",
"http://secunia.com/advisories/60325",
"http://secunia.com/advisories/60433",
"http://secunia.com/advisories/61065",
"http://secunia.com/advisories/61128",
"http://secunia.com/advisories/61129",
"http://secunia.com/advisories/61283",
"http://secunia.com/advisories/61287",
"http://secunia.com/advisories/61291",
"http://secunia.com/advisories/61312",
"http://secunia.com/advisories/61313",
"http://secunia.com/advisories/61328",
"http://secunia.com/advisories/61442",
"http://secunia.com/advisories/61471",
"http://secunia.com/advisories/61485",
"http://secunia.com/advisories/61503",
"http://secunia.com/advisories/61550",
"http://secunia.com/advisories/61552",
"http://secunia.com/advisories/61565",
"http://secunia.com/advisories/61603",
"http://secunia.com/advisories/61633",
"http://secunia.com/advisories/61641",
"http://secunia.com/advisories/61643",
"http://secunia.com/advisories/61654",
"http://secunia.com/advisories/61703",
"http://secunia.com/advisories/61780",
"http://secunia.com/advisories/61816",
"http://secunia.com/advisories/61857",
"http://secunia.com/advisories/62312",
"http://secunia.com/advisories/62343",
"http://support.novell.com/security/cve/CVE-2014-6278.html",
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898",
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685541",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685604",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685733",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685749",
"http://www-01.ibm.com/support/docview.wss?uid=swg21685914",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686131",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686246",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686445",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686479",
"http://www-01.ibm.com/support/docview.wss?uid=swg21686494",
"http://www-01.ibm.com/support/docview.wss?uid=swg21687079",
"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164",
"http://www.novell.com/support/kb/doc.php?id=7015721",
"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html",
"http://www.qnap.com/i/en/support/con_show.php?cid=61",
"http://www.ubuntu.com/usn/USN-2380-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0010.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1147414",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278",
"https://kb.bluecoat.com/index?page=content\u0026id=SA82",
"https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10648",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10085",
"https://security-tracker.debian.org/tracker/CVE-2014-6278",
"https://support.citrix.com/article/CTX200217",
"https://support.citrix.com/article/CTX200223",
"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04497075",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04518183",
"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk102673\u0026src=securityAlerts",
"https://www.exploit-db.com/exploits/39568/",
"https://www.exploit-db.com/exploits/39887/",
"https://www.suse.com/support/shellshock/"
]
},
{
"VulnerabilityID": "CVE-2019-9924",
"PkgName": "bash",
"InstalledVersion": "4.2.46-31.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bash: BASH_CMD is writable in restricted bash shells",
"Description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"Severity": "HIGH",
"References": [
"http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html",
"https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html",
"https://security.netapp.com/advisory/ntap-20190411-0001/"
]
},
{
"VulnerabilityID": "CVE-2012-6711",
"PkgName": "bash",
"InstalledVersion": "4.2.46-31.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bash: heap-based buffer overflow during echo of unsupported characters",
"Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5",
"http://www.securityfocus.com/bid/108824",
"https://bugzilla.redhat.com/show_bug.cgi?id=1721071",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711"
]
},
{
"VulnerabilityID": "CVE-2018-5743",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"FixedVersion": "32:9.9.4-74.el7_6.1",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bind: Limiting simultaneous TCP clients is ineffective",
"Description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743",
"https://kb.isc.org/docs/cve-2018-5743"
]
},
{
"VulnerabilityID": "CVE-2016-6170",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bind: Improper restriction of zone size limit",
"Description": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/07/06/3",
"http://www.securityfocus.com/bid/91611",
"http://www.securitytracker.com/id/1036241",
"https://bugzilla.redhat.com/show_bug.cgi?id=1353563",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6170",
"https://github.com/sischkg/xfer-limit/blob/master/README.md",
"https://kb.isc.org/article/AA-01390",
"https://kb.isc.org/article/AA-01390/169/CVE-2016-6170",
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html",
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html",
"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html",
"https://security.gentoo.org/glsa/201610-07"
]
},
{
"VulnerabilityID": "CVE-2018-5741",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"FixedVersion": "32:9.11.4-9.P2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies",
"Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105379",
"http://www.securitytracker.com/id/1041674",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741",
"https://kb.isc.org/docs/cve-2018-5741",
"https://security.gentoo.org/glsa/201903-13",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03927en_us"
]
},
{
"VulnerabilityID": "CVE-2018-5745",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys",
"Description": "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P1, 9.12.0 -\u003e 9.12.3-P1, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745",
"https://kb.isc.org/docs/cve-2018-5745"
]
},
{
"VulnerabilityID": "CVE-2013-5661",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "DNS response rate limiting can simplify cache poisoning attacks",
"Description": "No description is available for this CVE.",
"Severity": "LOW"
},
{
"VulnerabilityID": "CVE-2019-6465",
"PkgName": "bind-license",
"InstalledVersion": "32:9.9.4-73.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable",
"Description": "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.5-P2, 9.12.0 -\u003e 9.12.3-P2, and versions 9.9.3-S1 -\u003e 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -\u003e 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465",
"https://kb.isc.org/docs/cve-2019-6465"
]
},
{
"VulnerabilityID": "CVE-2014-9939",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: buffer overflow in ihex.c",
"Description": "ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2015/07/31/6",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939",
"https://sourceware.org/bugzilla/show_bug.cgi?id=18750",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b"
]
},
{
"VulnerabilityID": "CVE-2017-13716",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
"Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
"Severity": "HIGH",
"References": [
"https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
]
},
{
"VulnerabilityID": "CVE-2017-14930",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory leak in decode_line_info",
"Description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22191"
]
},
{
"VulnerabilityID": "CVE-2017-7614",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in bfd_elf_final_link function",
"Description": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program.",
"Severity": "HIGH",
"References": [
"https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614",
"https://security.gentoo.org/glsa/201709-02"
]
},
{
"VulnerabilityID": "CVE-2017-8421",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory exhaustion in objdump via a crafted PE file",
"Description": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21440"
]
},
{
"VulnerabilityID": "CVE-2018-12699",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer overflow in finish_stab in stabs.c",
"Description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/104540",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057"
]
},
{
"VulnerabilityID": "CVE-2015-8538",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libdwarf: Out-of-bounds read in dwarf_leb.c",
"Description": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/12/10/3",
"https://bugzilla.redhat.com/show_bug.cgi?id=1291299",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8538"
]
},
{
"VulnerabilityID": "CVE-2016-2226",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Exploitable buffer overflow",
"Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90103",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687",
"https://www.exploit-db.com/exploits/42386/"
]
},
{
"VulnerabilityID": "CVE-2016-4487",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array btypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4488",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array ktypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4489",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to integer overflow",
"Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90017",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492"
]
},
{
"VulnerabilityID": "CVE-2016-4490",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Write access violation",
"Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90019",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498"
]
},
{
"VulnerabilityID": "CVE-2016-4491",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Stack overflow due to infinite recursion in d_print_comp",
"Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90016",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"
]
},
{
"VulnerabilityID": "CVE-2016-4492",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-4493",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-6131",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc,gdb,binutils,libitm: Stack overflow vulnerability in libiberty demangler",
"Description": "The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/06/30/4",
"http://www.openwall.com/lists/oss-security/2016/06/30/7",
"http://www.securityfocus.com/bid/91519",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696",
"https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html"
]
},
{
"VulnerabilityID": "CVE-2017-12449",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in _bfd_vms_save_sized_string function",
"Description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840"
]
},
{
"VulnerabilityID": "CVE-2017-12451",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds stack read in _bfd_xcoff_read_ar_hdr function",
"Description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21786"
]
},
{
"VulnerabilityID": "CVE-2017-12452",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in bfd_mach_o_i386_canonicalize_one_reloc function",
"Description": "The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21813"
]
},
{
"VulnerabilityID": "CVE-2017-12453",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in __bfd_vms_slurp_eeom function",
"Description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21813"
]
},
{
"VulnerabilityID": "CVE-2017-12454",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Arbitrary memory read in _bfd_vms_slurp_egs function",
"Description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21813"
]
},
{
"VulnerabilityID": "CVE-2017-12455",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in evax_bfd_print_emh function",
"Description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840"
]
},
{
"VulnerabilityID": "CVE-2017-12456",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in read_symbol_stabs_debugging_inf function",
"Description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21813"
]
},
{
"VulnerabilityID": "CVE-2017-12457",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in bfd_make_section_with_flags function",
"Description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840"
]
},
{
"VulnerabilityID": "CVE-2017-12458",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds heap read in nlm_swap_auxiliary_headers_in function",
"Description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21840"
]
},
{
"VulnerabilityID": "CVE-2017-12799",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based 1 byte buffer over-write in elf_read_notes function in bfd/elf.c",
"Description": "The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100292",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21933"
]
},
{
"VulnerabilityID": "CVE-2017-12967",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-based buffer over-read in getsym function in tekhex.c",
"Description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100462",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21962"
]
},
{
"VulnerabilityID": "CVE-2017-13710",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the setup_group function",
"Description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100499",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b"
]
},
{
"VulnerabilityID": "CVE-2017-13757",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer over-read in elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100532",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22018",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a"
]
},
{
"VulnerabilityID": "CVE-2017-14128",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in the decode_line_info function",
"Description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100623",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22059",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780"
]
},
{
"VulnerabilityID": "CVE-2017-14129",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in the read_section function",
"Description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100624",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22047",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643"
]
},
{
"VulnerabilityID": "CVE-2017-14130",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in the _bfd_elf_parse_attributes function",
"Description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100625",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22058",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229"
]
},
{
"VulnerabilityID": "CVE-2017-14529",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer over-read in bfd_getl16 function in peXXigen.c",
"Description": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22113",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582"
]
},
{
"VulnerabilityID": "CVE-2017-14729",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer overflow in the *_get_synthetic_symtab functions",
"Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22170",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360"
]
},
{
"VulnerabilityID": "CVE-2017-14745",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow in the *_get_synthetic_symtab functions",
"Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22148"
]
},
{
"VulnerabilityID": "CVE-2017-14932",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Infinite loop in the decode_line_info",
"Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22204",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005"
]
},
{
"VulnerabilityID": "CVE-2017-14933",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Infinite loop in read_formatted_entries",
"Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101203",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22210",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32"
]
},
{
"VulnerabilityID": "CVE-2017-14934",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Infinite loop in process_debug_info",
"Description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101204",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22219",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b"
]
},
{
"VulnerabilityID": "CVE-2017-14938",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Excessive memory allocation in _bfd_elf_slurp_version_tables",
"Description": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101212",
"https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22166",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6"
]
},
{
"VulnerabilityID": "CVE-2017-14939",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in the decode_line_info",
"Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101216",
"https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22169",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724",
"https://www.exploit-db.com/exploits/42970/"
]
},
{
"VulnerabilityID": "CVE-2017-14940",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the scan_unit_for_symbols",
"Description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22166",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe"
]
},
{
"VulnerabilityID": "CVE-2017-14974",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the *_get_synthetic_symtab functions",
"Description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22163",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf"
]
},
{
"VulnerabilityID": "CVE-2017-15020",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer overflow in parse_die",
"Description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22202",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5"
]
},
{
"VulnerabilityID": "CVE-2017-15021",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1",
"Description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22197",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d"
]
},
{
"VulnerabilityID": "CVE-2017-15022",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in dwarf2.c",
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22201",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8"
]
},
{
"VulnerabilityID": "CVE-2017-15023",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in read_formatted_entries",
"Description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101611",
"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22200",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf"
]
},
{
"VulnerabilityID": "CVE-2017-15024",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Infinite recursion in find_abstract_instance_name",
"Description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22187",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2"
]
},
{
"VulnerabilityID": "CVE-2017-15025",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Divide-by-zero in decode_line_info",
"Description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22186",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48"
]
},
{
"VulnerabilityID": "CVE-2017-15225",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory leak in _bfd_dwarf2_cleanup_debug_info",
"Description": "_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22212",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0"
]
},
{
"VulnerabilityID": "CVE-2017-15938",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid memory read in find_abstract_instance_name",
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101610",
"https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22209",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a"
]
},
{
"VulnerabilityID": "CVE-2017-15939",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the concat_filename",
"Description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101613",
"https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22205",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9"
]
},
{
"VulnerabilityID": "CVE-2017-15996",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Excessive memory allocation in elfcomm.c",
"Description": "elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101608",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22361",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b"
]
},
{
"VulnerabilityID": "CVE-2017-16826",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid memory access in the coff_slurp_line_table function",
"Description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22376",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d"
]
},
{
"VulnerabilityID": "CVE-2017-16827",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid free in the aout_get_external_symbols function",
"Description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22306",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419"
]
},
{
"VulnerabilityID": "CVE-2017-16828",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow in the display_debug_frames function",
"Description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22386",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d"
]
},
{
"VulnerabilityID": "CVE-2017-16829",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in the _bfd_elf_parse_gnu_properties function",
"Description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22307",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163"
]
},
{
"VulnerabilityID": "CVE-2017-16830",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Segmentation fault in the print_gnu_property_note function",
"Description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101941",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22384",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4"
]
},
{
"VulnerabilityID": "CVE-2017-16831",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow in coffgen.c",
"Description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22385",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca"
]
},
{
"VulnerabilityID": "CVE-2017-16832",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Segmentation fault in the pe_bfd_read_buildid function",
"Description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22373",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b"
]
},
{
"VulnerabilityID": "CVE-2017-17080",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in bfd_getl32",
"Description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22421"
]
},
{
"VulnerabilityID": "CVE-2017-17121",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory access violation via a crafted COFF binary",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22506",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b"
]
},
{
"VulnerabilityID": "CVE-2017-17122",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Excessive memory allocation in the dump_relocs_in_section function",
"Description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22508",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f"
]
},
{
"VulnerabilityID": "CVE-2017-17123",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the coff_slurp_reloc_table function",
"Description": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22509",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543"
]
},
{
"VulnerabilityID": "CVE-2017-17124",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer overflow in the _bfd_coff_read_string_table function",
"Description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22507",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c"
]
},
{
"VulnerabilityID": "CVE-2017-17125",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Buffer over-read in the _bfd_elf_get_symbol_version_string function",
"Description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22443",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4"
]
},
{
"VulnerabilityID": "CVE-2017-17126",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid memory access in the load_debug_section function",
"Description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22510",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8"
]
},
{
"VulnerabilityID": "CVE-2017-6965",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer overflow in target_specific_reloc_handling in readelf",
"Description": "readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21137"
]
},
{
"VulnerabilityID": "CVE-2017-6966",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Use-after-free in target_specific_reloc_handling in readelf",
"Description": "readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21139"
]
},
{
"VulnerabilityID": "CVE-2017-6969",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in readelf when processing corrupt RL78 binaries",
"Description": "readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97065",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21156"
]
},
{
"VulnerabilityID": "CVE-2017-7209",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Null pointer dereference in dump_section_as_bytes function in readelf",
"Description": "The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/96994",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21135"
]
},
{
"VulnerabilityID": "CVE-2017-7210",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-reads in objdump",
"Description": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/96992",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21157"
]
},
{
"VulnerabilityID": "CVE-2017-7223",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer overflow when attempting to unget EOF character",
"Description": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20898"
]
},
{
"VulnerabilityID": "CVE-2017-7224",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid write in find_nearest_line function",
"Description": "The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97277",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20892"
]
},
{
"VulnerabilityID": "CVE-2017-7225",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Null pointer dereference and invalid write in find_nearest_line function in addr2line",
"Description": "The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97275",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20891"
]
},
{
"VulnerabilityID": "CVE-2017-7226",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd",
"Description": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20905"
]
},
{
"VulnerabilityID": "CVE-2017-7227",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-based buffer overflow in ld due to missing null termination",
"Description": "GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\\0' termination of a name field in ldlex.l.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97209",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20906"
]
},
{
"VulnerabilityID": "CVE-2017-7299",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in bfd_elf_final_link function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97217",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20908"
]
},
{
"VulnerabilityID": "CVE-2017-7300",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-buffer overflow in aout_link_add_symbols function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97219",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20909"
]
},
{
"VulnerabilityID": "CVE-2017-7301",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Off-by-one error in aout_link_add_symbols function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97218",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20924"
]
},
{
"VulnerabilityID": "CVE-2017-7302",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in wap_std_reloc_out function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97216",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20921"
]
},
{
"VulnerabilityID": "CVE-2017-7303",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in find_link function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97213",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20922"
]
},
{
"VulnerabilityID": "CVE-2017-7304",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in copy_special_section_fields function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97215",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20931"
]
},
{
"VulnerabilityID": "CVE-2017-8392",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the _bfd_dwarf2_find_nearest_line function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",
"Severity": "MEDIUM",
"References": [
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21409"
]
},
{
"VulnerabilityID": "CVE-2017-8393",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read due to wrong assumption for objcopy and strip",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21412"
]
},
{
"VulnerabilityID": "CVE-2017-8394",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the _bfd_elf_large_com_section",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21414"
]
},
{
"VulnerabilityID": "CVE-2017-8395",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds write in the _bfd_generic_get_section_contents function",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21431"
]
},
{
"VulnerabilityID": "CVE-2017-8396",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in the existing reloc offset range tests",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21432"
]
},
{
"VulnerabilityID": "CVE-2017-8397",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read and write while processing binary containing reloc(s) with negative addresses",
"Description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21434"
]
},
{
"VulnerabilityID": "CVE-2017-8398",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read while dumping the debug information from a corrupt binary",
"Description": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21438"
]
},
{
"VulnerabilityID": "CVE-2017-9038",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap-buffer overflow in the byte_get_little_endian",
"Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98589",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d"
]
},
{
"VulnerabilityID": "CVE-2017-9039",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Memory consumption via many program headers",
"Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98580",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5"
]
},
{
"VulnerabilityID": "CVE-2017-9040",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in the process_mips_specific_function",
"Description": "GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98579",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf"
]
},
{
"VulnerabilityID": "CVE-2017-9041",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer overflow in the process_mips_specific function",
"Description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98598",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3"
]
},
{
"VulnerabilityID": "CVE-2017-9042",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Invalid variable type in readelf.c",
"Description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf"
]
},
{
"VulnerabilityID": "CVE-2017-9043",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Shift exponent too large for type unsigned long in readelf.c",
"Description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98591",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54"
]
},
{
"VulnerabilityID": "CVE-2017-9044",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Out-of-bounds read in the print_symbol_for_build_attribute function",
"Description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98587",
"https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044"
]
},
{
"VulnerabilityID": "CVE-2017-9742",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer over-read in print_insn_score16 function while disassembling corrupt score binary",
"Description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99105",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21576",
"https://www.exploit-db.com/exploits/42203/"
]
},
{
"VulnerabilityID": "CVE-2017-9743",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer over-read in print_insn_score32 function while disassembling corrupt score binary",
"Description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99106",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21577"
]
},
{
"VulnerabilityID": "CVE-2017-9744",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Address violation in sh_elf_set_mach_from_flags function when disassembling a corrupt SH binary",
"Description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99108",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21578"
]
},
{
"VulnerabilityID": "CVE-2017-9745",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer over-read in _bfd_vms_slurp_etir function when handling VMS alpha binaries",
"Description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99109",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21579"
]
},
{
"VulnerabilityID": "CVE-2017-9746",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer over-read in disassemble_bytes function when disassembling a corrupt binary",
"Description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99117",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21580",
"https://www.exploit-db.com/exploits/42199/"
]
},
{
"VulnerabilityID": "CVE-2017-9747",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-based buffer over-read in ieee_archive_p function while disassembling corrupt IEEE binary",
"Description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99114",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21581",
"https://www.exploit-db.com/exploits/42200/"
]
},
{
"VulnerabilityID": "CVE-2017-9748",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-based buffer over-read in ieee_object_p function",
"Description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99110",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21582",
"https://www.exploit-db.com/exploits/42202/"
]
},
{
"VulnerabilityID": "CVE-2017-9749",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer over-read in *regs* macros when disassembling corrupt bfin binary",
"Description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99113",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21586",
"https://www.exploit-db.com/exploits/42201/"
]
},
{
"VulnerabilityID": "CVE-2017-9750",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer over-read in opcodes/rx-decode.opc when disassembling a corrupt RX binary",
"Description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99118",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21587",
"https://www.exploit-db.com/exploits/42198/"
]
},
{
"VulnerabilityID": "CVE-2017-9751",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-based buffer over-read in opcodes/rl78-decode.opc when disassembling a corrupt RL78 binary",
"Description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99111",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21588"
]
},
{
"VulnerabilityID": "CVE-2017-9752",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Heap buffer over-read in f_bfd_vms_get_value function when processing a corrupt Alpha VMA binary",
"Description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99122",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21589"
]
},
{
"VulnerabilityID": "CVE-2017-9753",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Address violation in versados_mkobject function when disassembling a corrupt versados binary",
"Description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99116",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21591"
]
},
{
"VulnerabilityID": "CVE-2017-9754",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-based buffer over-read in process_otr function",
"Description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99125",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21591"
]
},
{
"VulnerabilityID": "CVE-2017-9755",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Global buffer over-read in opcodes/i386-dis.c while checking invalid registers",
"Description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99124",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21594"
]
},
{
"VulnerabilityID": "CVE-2017-9756",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Address violation in aarch64_ext_ldst_reglist function when disassembling corrupt aarch64 binary",
"Description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99103",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756",
"https://security.gentoo.org/glsa/201801-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21595",
"https://www.exploit-db.com/exploits/42204/"
]
},
{
"VulnerabilityID": "CVE-2017-9954",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: stack-based buffer over-read in getvalue function",
"Description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99307",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954",
"https://security.gentoo.org/glsa/201709-02",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21670"
]
},
{
"VulnerabilityID": "CVE-2017-9955",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap buffer over-read in get_build_id function",
"Description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99573",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21665"
]
},
{
"VulnerabilityID": "CVE-2018-1000876",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"FixedVersion": "2.27-41.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: integer overflow leads to heap-based buffer overflow in objdump",
"Description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106304",
"https://access.redhat.com/errata/RHSA-2019:2075",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23994",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f"
]
},
{
"VulnerabilityID": "CVE-2018-12641",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"FixedVersion": "2.27-41.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack Exhaustion in the demangling functions provided by libiberty",
"Description": "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2075",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23058"
]
},
{
"VulnerabilityID": "CVE-2018-12697",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"FixedVersion": "2.27-41.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c.",
"Description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/104538",
"https://access.redhat.com/errata/RHSA-2019:2075",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057"
]
},
{
"VulnerabilityID": "CVE-2018-12698",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: excessive memory consumption in demangle_template in cplus-dem.c",
"Description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/104539",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057"
]
},
{
"VulnerabilityID": "CVE-2018-12700",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack Exhaustion in debug_write_type in debug.c",
"Description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/104541",
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454",
"https://security.gentoo.org/glsa/201908-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23057"
]
},
{
"VulnerabilityID": "CVE-2018-12934",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c",
"Description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.",
"Severity": "MEDIUM",
"References": [
"https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23059"
]
},
{
"VulnerabilityID": "CVE-2018-14038",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libbfd: remote dos via crafted file in function aout_32_swap_std_reloc_out in aoutx.h",
"Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7642. Reason: This candidate is a reservation duplicate of CVE-2018-7642. Notes: All CVE users should reference CVE-2018-7642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"Severity": "MEDIUM"
},
{
"VulnerabilityID": "CVE-2018-17794",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input",
"Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.",
"Severity": "MEDIUM",
"References": [
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350"
]
},
{
"VulnerabilityID": "CVE-2018-17985",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack consumption problem caused by the cplus_demangle_type",
"Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.",
"Severity": "MEDIUM",
"References": [
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335"
]
},
{
"VulnerabilityID": "CVE-2018-18483",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service",
"Description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105689",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23767"
]
},
{
"VulnerabilityID": "CVE-2018-18484",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack exhaustion in cp-demangle.c allows for denial of service",
"Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105693",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636"
]
},
{
"VulnerabilityID": "CVE-2018-18605",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c",
"Description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105754",
"https://deb.freexian.com/extended-lts/tracker/CVE-2018-18605",
"https://security.netapp.com/advisory/ntap-20190307-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23804",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61"
]
},
{
"VulnerabilityID": "CVE-2018-18606",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c",
"Description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105754",
"https://deb.freexian.com/extended-lts/tracker/CVE-2018-18606",
"https://security.netapp.com/advisory/ntap-20190307-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23806",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc"
]
},
{
"VulnerabilityID": "CVE-2018-18607",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c",
"Description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105754",
"https://deb.freexian.com/extended-lts/tracker/CVE-2018-18607",
"https://security.netapp.com/advisory/ntap-20190307-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23805",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a"
]
},
{
"VulnerabilityID": "CVE-2018-18700",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c",
"Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681"
]
},
{
"VulnerabilityID": "CVE-2018-18701",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c",
"Description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675"
]
},
{
"VulnerabilityID": "CVE-2018-19932",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106144",
"https://security.gentoo.org/glsa/201908-01",
"https://security.netapp.com/advisory/ntap-20190221-0004/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23932",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7"
]
},
{
"VulnerabilityID": "CVE-2018-20002",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c",
"Description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106142",
"https://security.gentoo.org/glsa/201908-01",
"https://security.netapp.com/advisory/ntap-20190221-0004/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23952",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9",
"https://support.f5.com/csp/article/K62602089"
]
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106444",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://support.f5.com/csp/article/K62602089"
]
},
{
"VulnerabilityID": "CVE-2018-20673",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Integer overflow in demangle_template() function",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106454",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24039"
]
},
{
"VulnerabilityID": "CVE-2018-6323",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Integer overflow in elf_object_p function in elfcode.h",
"Description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/102821",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22746",
"https://www.exploit-db.com/exploits/44035/"
]
},
{
"VulnerabilityID": "CVE-2018-6759",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Unchecked strnlen in opncls.c:bfd_get_debug_link_info_1() can allow lead to denial of service",
"Description": "The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/103030",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22794"
]
},
{
"VulnerabilityID": "CVE-2018-6872",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library",
"Description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/103103",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872",
"https://security.gentoo.org/glsa/201811-17",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22788",
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6"
]
},
{
"VulnerabilityID": "CVE-2018-9138",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty",
"Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.",
"Severity": "MEDIUM",
"References": [
"https://sourceware.org/bugzilla/show_bug.cgi?id=23008"
]
},
{
"VulnerabilityID": "CVE-2018-9996",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Stack-overflow in libiberty/cplus-dem.c causes crash",
"Description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/103733",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304"
]
},
{
"VulnerabilityID": "CVE-2019-1010204",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
"Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
"Severity": "MEDIUM",
"References": [
"https://security.netapp.com/advisory/ntap-20190822-0001/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23765"
]
},
{
"VulnerabilityID": "CVE-2019-14250",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow",
"Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/109354",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924",
"https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html",
"https://security.netapp.com/advisory/ntap-20190822-0002/"
]
},
{
"VulnerabilityID": "CVE-2019-9074",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: out-of-bound read in function bfd_getl32 in libbfd.c",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.",
"Severity": "MEDIUM",
"References": [
"https://security.netapp.com/advisory/ntap-20190314-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24235",
"https://support.f5.com/csp/article/K09092524"
]
},
{
"VulnerabilityID": "CVE-2019-9075",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c",
"Description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.",
"Severity": "MEDIUM",
"References": [
"https://security.netapp.com/advisory/ntap-20190314-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24236",
"https://support.f5.com/csp/article/K42059040"
]
},
{
"VulnerabilityID": "CVE-2019-9077",
"PkgName": "binutils",
"InstalledVersion": "2.27-34.base.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: heap-based buffer overflow in function process_mips_specific in readelf.c",
"Description": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/107139",
"https://security.netapp.com/advisory/ntap-20190314-0003/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24243",
"https://support.f5.com/csp/article/K00056379"
]
},
{
"VulnerabilityID": "CVE-2019-12900",
"PkgName": "bzip2-libs",
"InstalledVersion": "1.0.6-13.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bzip2: out-of-bounds write in function BZ2_decompress",
"Description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900",
"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html",
"https://usn.ubuntu.com/4038-1/",
"https://usn.ubuntu.com/4038-2/"
]
},
{
"VulnerabilityID": "CVE-2016-3189",
"PkgName": "bzip2-libs",
"InstalledVersion": "1.0.6-13.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "bzip2: heap use after free in bzip2recover",
"Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/06/20/1",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/91297",
"http://www.securitytracker.com/id/1036132",
"https://bugzilla.redhat.com/show_bug.cgi?id=1319648",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189",
"https://security.gentoo.org/glsa/201708-08"
]
},
{
"VulnerabilityID": "CVE-2014-9471",
"PkgName": "coreutils",
"InstalledVersion": "8.22-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "coreutils: memory corruption flaw in parse_datetime()",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "HIGH",
"References": [
"http://advisories.mageia.org/MGASA-2015-0029.html",
"http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872",
"http://secunia.com/advisories/62226",
"http://ubuntu.com/usn/usn-2473-1",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:179",
"http://www.openwall.com/lists/oss-security/2014/11/25/1",
"http://www.openwall.com/lists/oss-security/2014/11/25/4",
"http://www.openwall.com/lists/oss-security/2015/01/03/11",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471",
"https://security.gentoo.org/glsa/201612-22"
]
},
{
"VulnerabilityID": "CVE-2015-4041",
"PkgName": "coreutils",
"InstalledVersion": "8.22-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "coreutils: heap buffer overflow in sort(1) keycompare_mb()",
"Description": "No description is available for this CVE.",
"Severity": "LOW"
},
{
"VulnerabilityID": "CVE-2015-4042",
"PkgName": "coreutils",
"InstalledVersion": "8.22-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "coreutils: possible buffer overflow in keycompare_mb()",
"Description": "No description is available for this CVE.",
"Severity": "LOW"
},
{
"VulnerabilityID": "CVE-2016-2781",
"PkgName": "coreutils",
"InstalledVersion": "8.22-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "coreutils: Non-privileged session can escape to the parent session in chroot",
"Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/28/2",
"http://www.openwall.com/lists/oss-security/2016/02/28/3"
]
},
{
"VulnerabilityID": "CVE-2017-18018",
"PkgName": "coreutils",
"InstalledVersion": "8.22-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "coreutils: race condition vulnerability in chown and chgrp",
"Description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.",
"Severity": "LOW",
"References": [
"http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html"
]
},
{
"VulnerabilityID": "CVE-2016-2037",
"PkgName": "cpio",
"InstalledVersion": "2.11-27.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "cpio: out of bounds write",
"Description": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2016/dsa-3483",
"http://www.openwall.com/lists/oss-security/2016/01/19/4",
"http://www.openwall.com/lists/oss-security/2016/01/22/4",
"http://www.securityfocus.com/bid/82293",
"http://www.securitytracker.com/id/1035067",
"http://www.ubuntu.com/usn/USN-2906-1"
]
},
{
"VulnerabilityID": "CVE-2015-1197",
"PkgName": "cpio",
"InstalledVersion": "2.11-27.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "cpio: directory traversal through symlinks",
"Description": "cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2015-0080.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:066",
"http://www.openwall.com/lists/oss-security/2015/01/07/5",
"http://www.openwall.com/lists/oss-security/2015/01/18/7",
"http://www.securityfocus.com/bid/71914",
"http://www.ubuntu.com/usn/USN-2906-1",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774669",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1197",
"https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html"
]
},
{
"VulnerabilityID": "CVE-2016-6318",
"PkgName": "cracklib",
"InstalledVersion": "2.9.0-11.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field",
"Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html",
"http://www.openwall.com/lists/oss-security/2016/08/16/2",
"http://www.securityfocus.com/bid/92478",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318",
"https://security.gentoo.org/glsa/201612-25"
]
},
{
"VulnerabilityID": "CVE-2016-6318",
"PkgName": "cracklib-dicts",
"InstalledVersion": "2.9.0-11.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "cracklib: Stack-based buffer overflow when parsing large GECOS field",
"Description": "Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html",
"http://www.openwall.com/lists/oss-security/2016/08/16/2",
"http://www.securityfocus.com/bid/92478",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318",
"https://security.gentoo.org/glsa/201612-25"
]
},
{
"VulnerabilityID": "CVE-2018-14618",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"FixedVersion": "7.29.0-51.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: NTLM password overflow via integer overflow",
"Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"Severity": "CRITICAL",
"References": [
"http://www.securitytracker.com/id/1041605",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618",
"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"https://curl.haxx.se/docs/CVE-2018-14618.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014",
"https://security.gentoo.org/glsa/201903-03",
"https://usn.ubuntu.com/3765-1/",
"https://usn.ubuntu.com/3765-2/",
"https://www.debian.org/security/2018/dsa-4286"
]
},
{
"VulnerabilityID": "CVE-2016-8618",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Double-free in curl_maprintf",
"Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94098",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618",
"https://curl.haxx.se/docs/adv_20161102D.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8619",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Double-free in krb5 code",
"Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94100",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619",
"https://curl.haxx.se/CVE-2016-8619.patch",
"https://curl.haxx.se/docs/adv_20161102E.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8622",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: URL unescape heap overflow via integer truncation",
"Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94105",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622",
"https://curl.haxx.se/docs/adv_20161102H.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2017-8817",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: FTP wildcard out of bounds read",
"Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.",
"Severity": "HIGH",
"References": [
"http://security.cucumberlinux.com/security/details.php?id=162",
"http://www.securityfocus.com/bid/102057",
"http://www.securitytracker.com/id/1039897",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_2017-ae72.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html",
"https://security.gentoo.org/glsa/201712-04",
"https://www.debian.org/security/2017/dsa-4051"
]
},
{
"VulnerabilityID": "CVE-2019-5482",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: heap buffer overflow in function tftp_receive_packet()",
"Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
"https://curl.haxx.se/docs/CVE-2019-5482.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
]
},
{
"VulnerabilityID": "CVE-2015-3153",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: sensitive HTTP server headers also sent to proxies",
"Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
"Severity": "MEDIUM",
"References": [
"http://curl.haxx.se/docs/adv_20150429.html",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html",
"http://www.debian.org/security/2015/dsa-3240",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/74408",
"http://www.securitytracker.com/id/1032233",
"http://www.ubuntu.com/usn/USN-2591-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131",
"https://support.apple.com/kb/HT205031"
]
},
{
"VulnerabilityID": "CVE-2016-0755",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: NTLM credentials not-checked for proxy connection re-use",
"Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
"Severity": "MEDIUM",
"References": [
"http://curl.haxx.se/docs/adv_20160127A.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html",
"http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html",
"http://www.debian.org/security/2016/dsa-3455",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/82307",
"http://www.securitytracker.com/id/1034882",
"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965",
"http://www.ubuntu.com/usn/USN-2882-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755",
"https://security.gentoo.org/glsa/201701-47",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2016-8615",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Cookie injection for other servers",
"Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94096",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615",
"https://curl.haxx.se/CVE-2016-8615.patch",
"https://curl.haxx.se/docs/adv_20161102A.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8616",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Case insensitive password comparison",
"Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94094",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616",
"https://curl.haxx.se/CVE-2016-8616.patch",
"https://curl.haxx.se/docs/adv_20161102B.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8617",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Out-of-bounds write via unchecked multiplication",
"Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94097",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617",
"https://curl.haxx.se/CVE-2016-8617.patch",
"https://curl.haxx.se/docs/adv_20161102C.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8621",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: curl_getdate out-of-bounds read",
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94101",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621",
"https://curl.haxx.se/CVE-2016-8621.patch",
"https://curl.haxx.se/docs/adv_20161102G.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8623",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Use-after-free via shared cookies",
"Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94106",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623",
"https://curl.haxx.se/CVE-2016-8623.patch",
"https://curl.haxx.se/docs/adv_20161102I.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8624",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Invalid URL parsing with '#'",
"Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94103",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624",
"https://curl.haxx.se/docs/adv_20161102J.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8625",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: IDNA 2003 makes curl use wrong host",
"Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94107",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625",
"https://curl.haxx.se/CVE-2016-8625.patch",
"https://curl.haxx.se/docs/adv_20161102K.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-9586",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: printf floating point buffer overflow",
"Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/95019",
"http://www.securitytracker.com/id/1037515",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586",
"https://curl.haxx.se/docs/adv_20161221A.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586",
"https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html",
"https://security.gentoo.org/glsa/201701-47"
]
},
{
"VulnerabilityID": "CVE-2017-1000100",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: TFTP sends more than buffer size",
"Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3992",
"http://www.securityfocus.com/bid/100286",
"http://www.securitytracker.com/id/1039118",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_20170809B.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100",
"https://security.gentoo.org/glsa/201709-14",
"https://support.apple.com/HT208221"
]
},
{
"VulnerabilityID": "CVE-2017-1000254",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: FTP PWD response parser out of bounds read",
"Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3992",
"http://www.securityfocus.com/bid/101115",
"http://www.securitytracker.com/id/1039509",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/673d0cd8.patch",
"https://curl.haxx.se/docs/adv_20171004.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254",
"https://security.gentoo.org/glsa/201712-04",
"https://support.apple.com/HT208331"
]
},
{
"VulnerabilityID": "CVE-2018-16842",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"FixedVersion": "7.29.0-54.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Heap-based buffer over-read in the curl tool warning formatting",
"Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"Severity": "MEDIUM",
"References": [
"http://www.securitytracker.com/id/1042014",
"https://access.redhat.com/errata/RHSA-2019:2181",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
"https://curl.haxx.se/docs/CVE-2018-16842.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842",
"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html",
"https://security.gentoo.org/glsa/201903-03",
"https://usn.ubuntu.com/3805-1/",
"https://usn.ubuntu.com/3805-2/",
"https://www.debian.org/security/2018/dsa-4331"
]
},
{
"VulnerabilityID": "CVE-2019-5436",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html",
"https://curl.haxx.se/docs/CVE-2019-5436.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/",
"https://security.netapp.com/advisory/ntap-20190606-0004/"
]
},
{
"VulnerabilityID": "CVE-2017-7407",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: --write-out out of bounds read",
"Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
"Severity": "LOW",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_20170403.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407",
"https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13",
"https://security.gentoo.org/glsa/201709-14"
]
},
{
"VulnerabilityID": "CVE-2018-20483",
"PkgName": "curl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "wget: Information exposure in set_file_metadata function in xattr.c",
"Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",
"Severity": "LOW",
"References": [
"http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS",
"http://www.securityfocus.com/bid/106358",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483",
"https://security.gentoo.org/glsa/201903-08",
"https://security.netapp.com/advisory/ntap-20190321-0002/",
"https://twitter.com/marcan42/status/1077676739877232640",
"https://usn.ubuntu.com/3943-1/"
]
},
{
"VulnerabilityID": "CVE-2014-3635",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: heap-based buffer overflow flaw in file descriptor passing",
"Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=83622"
]
},
{
"VulnerabilityID": "CVE-2014-3477",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service flaw in dbus-daemon",
"Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0266.html",
"http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567",
"http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html",
"http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://seclists.org/oss-sec/2014/q2/509",
"http://secunia.com/advisories/59428",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.securityfocus.com/bid/67986",
"https://bugs.freedesktop.org/show_bug.cgi?id=78979"
]
},
{
"VulnerabilityID": "CVE-2014-3532",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in file descriptor passing feature",
"Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0294.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://openwall.com/lists/oss-security/2014/07/02/4",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://secunia.com/advisories/60236",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"https://bugs.freedesktop.org/show_bug.cgi?id=80163",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532"
]
},
{
"VulnerabilityID": "CVE-2014-3533",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service when forwarding invalid file descriptors",
"Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0294.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://openwall.com/lists/oss-security/2014/07/02/4",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://secunia.com/advisories/60236",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"https://bugs.freedesktop.org/show_bug.cgi?id=79694",
"https://bugs.freedesktop.org/show_bug.cgi?id=80469",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533"
]
},
{
"VulnerabilityID": "CVE-2014-3636",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service by queuing or splitting file descriptors",
"Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=82820",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636"
]
},
{
"VulnerabilityID": "CVE-2014-3637",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service by creating unkillable D-Bus connections",
"Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.openwall.com/lists/oss-security/2019/06/24/13",
"http://www.openwall.com/lists/oss-security/2019/06/24/14",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=80559",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637"
]
},
{
"VulnerabilityID": "CVE-2014-3638",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in method call handling",
"Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://secunia.com/advisories/61431",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=81053",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638"
]
},
{
"VulnerabilityID": "CVE-2014-3639",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service flaw in incomplete connection handling",
"Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://secunia.com/advisories/61431",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=80919",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639"
]
},
{
"VulnerabilityID": "CVE-2015-0245",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in dbus systemd activation",
"Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2015-0071.html",
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html",
"http://www.debian.org/security/2015/dsa-3161",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2015/02/09/6",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
]
},
{
"VulnerabilityID": "CVE-2019-12749",
"PkgName": "dbus",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
"Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2019/06/11/2",
"http://www.securityfocus.com/bid/108751",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/",
"https://seclists.org/bugtraq/2019/Jun/16",
"https://usn.ubuntu.com/4015-1/",
"https://usn.ubuntu.com/4015-2/",
"https://www.debian.org/security/2019/dsa-4462",
"https://www.openwall.com/lists/oss-security/2019/06/11/2"
]
},
{
"VulnerabilityID": "CVE-2014-3635",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: heap-based buffer overflow flaw in file descriptor passing",
"Description": "Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=83622"
]
},
{
"VulnerabilityID": "CVE-2014-3477",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service flaw in dbus-daemon",
"Description": "The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0266.html",
"http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.8\u0026id=24c590703ca47eb71ddef453de43126b90954567",
"http://lists.opensuse.org/opensuse-updates/2014-06/msg00042.html",
"http://lists.opensuse.org/opensuse-updates/2014-07/msg00012.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://seclists.org/oss-sec/2014/q2/509",
"http://secunia.com/advisories/59428",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.securityfocus.com/bid/67986",
"https://bugs.freedesktop.org/show_bug.cgi?id=78979"
]
},
{
"VulnerabilityID": "CVE-2014-3532",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in file descriptor passing feature",
"Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0294.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://openwall.com/lists/oss-security/2014/07/02/4",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://secunia.com/advisories/60236",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"https://bugs.freedesktop.org/show_bug.cgi?id=80163",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532"
]
},
{
"VulnerabilityID": "CVE-2014-3533",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service when forwarding invalid file descriptors",
"Description": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0294.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://openwall.com/lists/oss-security/2014/07/02/4",
"http://secunia.com/advisories/59611",
"http://secunia.com/advisories/59798",
"http://secunia.com/advisories/60236",
"http://www.debian.org/security/2014/dsa-2971",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"https://bugs.freedesktop.org/show_bug.cgi?id=79694",
"https://bugs.freedesktop.org/show_bug.cgi?id=80469",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3533"
]
},
{
"VulnerabilityID": "CVE-2014-3636",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service by queuing or splitting file descriptors",
"Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=82820",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3636"
]
},
{
"VulnerabilityID": "CVE-2014-3637",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service by creating unkillable D-Bus connections",
"Description": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.openwall.com/lists/oss-security/2019/06/24/13",
"http://www.openwall.com/lists/oss-security/2019/06/24/14",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=80559",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3637"
]
},
{
"VulnerabilityID": "CVE-2014-3638",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in method call handling",
"Description": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://secunia.com/advisories/61431",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=81053",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3638"
]
},
{
"VulnerabilityID": "CVE-2014-3639",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service flaw in incomplete connection handling",
"Description": "The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0395.html",
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html",
"http://secunia.com/advisories/61378",
"http://secunia.com/advisories/61431",
"http://www.debian.org/security/2014/dsa-3026",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2014/09/16/9",
"http://www.securitytracker.com/id/1030864",
"http://www.ubuntu.com/usn/USN-2352-1",
"https://bugs.freedesktop.org/show_bug.cgi?id=80919",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3639"
]
},
{
"VulnerabilityID": "CVE-2015-0245",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: denial of service in dbus systemd activation",
"Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2015-0071.html",
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html",
"http://www.debian.org/security/2015/dsa-3161",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176",
"http://www.openwall.com/lists/oss-security/2015/02/09/6",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
]
},
{
"VulnerabilityID": "CVE-2019-12749",
"PkgName": "dbus-libs",
"InstalledVersion": "1:1.10.24-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
"Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2019/06/11/2",
"http://www.securityfocus.com/bid/108751",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/",
"https://seclists.org/bugtraq/2019/Jun/16",
"https://usn.ubuntu.com/4015-1/",
"https://usn.ubuntu.com/4015-2/",
"https://www.debian.org/security/2019/dsa-4462",
"https://www.openwall.com/lists/oss-security/2019/06/11/2"
]
},
{
"VulnerabilityID": "CVE-2016-4484",
"PkgName": "dracut",
"InstalledVersion": "033-554.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "dracut: Brute force attack on LUKS password decryption via initramfs",
"Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
"Severity": "HIGH",
"References": [
"http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html",
"http://www.openwall.com/lists/oss-security/2016/11/14/13",
"http://www.openwall.com/lists/oss-security/2016/11/15/1",
"http://www.openwall.com/lists/oss-security/2016/11/15/4",
"http://www.openwall.com/lists/oss-security/2016/11/16/6",
"http://www.securityfocus.com/bid/94315",
"https://access.redhat.com/articles/2786581",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484",
"https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb"
]
},
{
"VulnerabilityID": "CVE-2018-16402",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash",
"Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10254",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in allocate_elf",
"Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/2",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10255",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)",
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/1",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387584",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7607",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function",
"Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98608",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7608",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function",
"Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98609",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7609",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in elf_compress.c",
"Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7610",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_group function",
"Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7611",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function",
"Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7612",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function",
"Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7613",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: elflint.c does not validate the number of sections and segments",
"Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16062",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file",
"Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23541",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16403",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash",
"Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18310",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl",
"Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23752",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18520",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: eu-size cannot handle recursive ar files",
"Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23787",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18521",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c",
"Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23786",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7149",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw",
"Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24102",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7150",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c",
"Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24103",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7664",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h",
"Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24084"
]
},
{
"VulnerabilityID": "CVE-2019-7665",
"PkgName": "elfutils-default-yama-scope",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c",
"Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24089",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16402",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash",
"Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10254",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in allocate_elf",
"Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/2",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10255",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)",
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/1",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387584",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7607",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function",
"Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98608",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7608",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function",
"Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98609",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7609",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in elf_compress.c",
"Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7610",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_group function",
"Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7611",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function",
"Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7612",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function",
"Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7613",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: elflint.c does not validate the number of sections and segments",
"Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16062",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file",
"Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23541",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16403",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash",
"Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18310",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl",
"Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23752",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18520",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: eu-size cannot handle recursive ar files",
"Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23787",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18521",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c",
"Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23786",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7149",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw",
"Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24102",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7150",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c",
"Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24103",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7664",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h",
"Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24084"
]
},
{
"VulnerabilityID": "CVE-2019-7665",
"PkgName": "elfutils-libelf",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c",
"Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24089",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16402",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Double-free due to double decompression of sections in crafted ELF causes crash",
"Description": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23528",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10254",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in allocate_elf",
"Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/2",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2016-10255",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)",
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/03/22/1",
"https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387584",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255",
"https://lists.fedorahosted.org/archives/list/elfutils-devel@lists.fedorahosted.org/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7607",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the handle_gnu_hash function",
"Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98608",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7608",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the ebl_object_note_type_name function",
"Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"http://www.securityfocus.com/bid/98609",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7609",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Memory allocation failure in elf_compress.c",
"Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7610",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_group function",
"Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7611",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_symtab_shndx function",
"Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7612",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-buffer overflow in the check_sysv_hash function",
"Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2017-7613",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: elflint.c does not validate the number of sections and segments",
"Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://security.gentoo.org/glsa/201710-10",
"https://usn.ubuntu.com/3670-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16062",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file",
"Description": "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23541",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-16403",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash",
"Description": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html",
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23529",
"https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18310",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl",
"Description": "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23752",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18520",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: eu-size cannot handle recursive ar files",
"Description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23787",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2018-18521",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c",
"Description": "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=23786",
"https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7149",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw",
"Description": "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24102",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7150",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c",
"Description": "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24103",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2019-7664",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h",
"Description": "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2197",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7664",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24084"
]
},
{
"VulnerabilityID": "CVE-2019-7665",
"PkgName": "elfutils-libs",
"InstalledVersion": "0.172-2.el7",
"FixedVersion": "0.176-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c",
"Description": "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665",
"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24089",
"https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html",
"https://usn.ubuntu.com/4012-1/"
]
},
{
"VulnerabilityID": "CVE-2015-2716",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Mozilla: Buffer overflow when parsing compressed XML (MFSA 2015-54)",
"Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html",
"http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html",
"http://rhn.redhat.com/errata/RHSA-2015-0988.html",
"http://rhn.redhat.com/errata/RHSA-2015-1012.html",
"http://www.debian.org/security/2015/dsa-3260",
"http://www.debian.org/security/2015/dsa-3264",
"http://www.mozilla.org/security/announce/2015/mfsa2015-54.html",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.securityfocus.com/bid/74611",
"http://www.ubuntu.com/usn/USN-2602-1",
"http://www.ubuntu.com/usn/USN-2603-1",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1140537",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716",
"https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c",
"https://security.gentoo.org/glsa/201605-06",
"https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7",
"https://www.tenable.com/security/tns-2016-20"
]
},
{
"VulnerabilityID": "CVE-2016-5300",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: Little entropy used for hash initialization",
"Description": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",
"Severity": "HIGH",
"References": [
"http://www.debian.org/security/2016/dsa-3597",
"http://www.openwall.com/lists/oss-security/2016/06/04/4",
"http://www.openwall.com/lists/oss-security/2016/06/04/5",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/91159",
"http://www.ubuntu.com/usn/USN-3010-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300",
"https://security.gentoo.org/glsa/201701-21",
"https://source.android.com/security/bulletin/2016-11-01.html",
"https://www.tenable.com/security/tns-2016-20"
]
},
{
"VulnerabilityID": "CVE-2016-9063",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "firefox: Possible integer overflow to fix inside XML_Parse in Expat",
"Description": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/94337",
"http://www.securitytracker.com/id/1037298",
"http://www.securitytracker.com/id/1039427",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063",
"https://www.debian.org/security/2017/dsa-3898",
"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063",
"https://www.mozilla.org/security/advisories/mfsa2016-89/"
]
},
{
"VulnerabilityID": "CVE-2012-6702",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: Using XML_Parse before rand() results into non-random output",
"Description": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2016/dsa-3597",
"http://www.openwall.com/lists/oss-security/2016/06/03/8",
"http://www.openwall.com/lists/oss-security/2016/06/04/1",
"http://www.securityfocus.com/bid/91483",
"http://www.ubuntu.com/usn/USN-3010-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702",
"https://security.gentoo.org/glsa/201701-21",
"https://source.android.com/security/bulletin/2016-11-01.html",
"https://www.tenable.com/security/tns-2016-20"
]
},
{
"VulnerabilityID": "CVE-2013-0340",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: internal entity expansion",
"Description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"Severity": "MEDIUM",
"References": [
"http://openwall.com/lists/oss-security/2013/02/22/3",
"http://securitytracker.com/id?1028213",
"http://www.openwall.com/lists/oss-security/2013/04/12/6",
"http://www.osvdb.org/90634",
"http://www.securityfocus.com/bid/58233",
"https://security.gentoo.org/glsa/201701-21"
]
},
{
"VulnerabilityID": "CVE-2013-0341",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: external entity expansion",
"Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"Severity": "MEDIUM"
},
{
"VulnerabilityID": "CVE-2016-4472",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: Undefined behavior and pointer overflows",
"Description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/91528",
"http://www.ubuntu.com/usn/USN-3013-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1344251",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472",
"https://security.gentoo.org/glsa/201701-21",
"https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"https://www.tenable.com/security/tns-2016-20"
]
},
{
"VulnerabilityID": "CVE-2017-9233",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: Inifinite loop due to invalid XML in external entity",
"Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3898",
"http://www.openwall.com/lists/oss-security/2017/06/17/7",
"http://www.securityfocus.com/bid/99276",
"http://www.securitytracker.com/id/1039427",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233",
"https://github.com/libexpat/libexpat/blob/master/expat/Changes",
"https://libexpat.github.io/doc/cve-2017-9233/",
"https://support.apple.com/HT208112",
"https://support.apple.com/HT208113",
"https://support.apple.com/HT208115",
"https://support.apple.com/HT208144",
"https://support.f5.com/csp/article/K03244804"
]
},
{
"VulnerabilityID": "CVE-2019-15903",
"PkgName": "expat",
"InstalledVersion": "2.1.0-10.el7_3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "expat: heap-based buffer over-read via crafted XML input",
"Description": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"Severity": "MEDIUM",
"References": [
"http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903",
"https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43",
"https://github.com/libexpat/libexpat/issues/317",
"https://github.com/libexpat/libexpat/issues/342",
"https://github.com/libexpat/libexpat/pull/318",
"https://seclists.org/bugtraq/2019/Sep/30",
"https://usn.ubuntu.com/4132-1/",
"https://usn.ubuntu.com/4132-2/"
]
},
{
"VulnerabilityID": "CVE-2015-8865",
"PkgName": "file-libs",
"InstalledVersion": "5.11-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "file: Buffer over-write in finfo_open with malformed magic file",
"Description": "The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.",
"Severity": "HIGH",
"References": [
"http://bugs.gw.com/view.php?id=522",
"http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e",
"http://lists.apple.com/archives/security-announce/2016/May/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://www.debian.org/security/2016/dsa-3560",
"http://www.openwall.com/lists/oss-security/2016/04/24/1",
"http://www.php.net/ChangeLog-5.php",
"http://www.php.net/ChangeLog-7.php",
"http://www.securityfocus.com/bid/85802",
"http://www.ubuntu.com/usn/USN-2952-1",
"http://www.ubuntu.com/usn/USN-2952-2",
"https://bugs.php.net/bug.php?id=71527",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865",
"https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201611-22",
"https://security.gentoo.org/glsa/201701-42",
"https://support.apple.com/HT206567",
"https://usn.ubuntu.com/3686-1/",
"https://usn.ubuntu.com/3686-2/"
]
},
{
"VulnerabilityID": "CVE-2014-9620",
"PkgName": "file-libs",
"InstalledVersion": "5.11-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "file: limit the number of ELF notes processed",
"Description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2015-0040.html",
"http://mx.gw.com/pipermail/file/2014/001653.html",
"http://mx.gw.com/pipermail/file/2015/001660.html",
"http://rhn.redhat.com/errata/RHSA-2016-0760.html",
"http://www.debian.org/security/2015/dsa-3121",
"http://www.openwall.com/lists/oss-security/2015/01/17/9",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/71715",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620",
"https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4",
"https://security.gentoo.org/glsa/201503-08",
"https://usn.ubuntu.com/3686-1/"
]
},
{
"VulnerabilityID": "CVE-2018-10360",
"PkgName": "file-libs",
"InstalledVersion": "5.11-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "file: out-of-bounds read via a crafted ELF file",
"Description": "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10360",
"https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22",
"https://security.gentoo.org/glsa/201806-08",
"https://usn.ubuntu.com/3686-1/",
"https://usn.ubuntu.com/3686-2/"
]
},
{
"VulnerabilityID": "CVE-2015-8391",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: inefficient posix character class syntax check (8.38/16)",
"Description": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "CRITICAL",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/82990",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-2327",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)",
"Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.fortiguard.com/advisory/FG-VD-15-010/",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/74924",
"https://bugs.exim.org/show_bug.cgi?id=1503",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327",
"https://jira.mongodb.org/browse/SERVER-17252"
]
},
{
"VulnerabilityID": "CVE-2015-2328",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)",
"Description": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.fortiguard.com/advisory/FG-VD-15-014/",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/74924",
"https://bugs.exim.org/show_bug.cgi?id=1515",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328",
"https://jira.mongodb.org/browse/SERVER-17252"
]
},
{
"VulnerabilityID": "CVE-2015-8385",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)",
"Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/85572",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8386",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Buffer overflow caused by lookbehind assertion (8.38/6)",
"Description": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/82990",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8387",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Integer overflow in subroutine calls (8.38/8)",
"Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8388",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "CVE-2015-5073 CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)",
"Description": "PCRE before 8.38 mishandles the /(?=di(?\u003c=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/85576",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8390",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)",
"Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8394",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)",
"Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2016-3191",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)",
"Description": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.",
"Severity": "HIGH",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://vcs.pcre.org/pcre2?view=revision\u0026revision=489",
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1631",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/84810",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://bugs.debian.org/815920",
"https://bugs.debian.org/815921",
"https://bugs.exim.org/show_bug.cgi?id=1791",
"https://bugzilla.redhat.com/show_bug.cgi?id=1311503",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191",
"https://www.tenable.com/security/tns-2016-18"
]
},
{
"VulnerabilityID": "CVE-2017-11164",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
"Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
"Severity": "HIGH",
"References": [
"http://openwall.com/lists/oss-security/2017/07/11/3",
"http://www.securityfocus.com/bid/99575"
]
},
{
"VulnerabilityID": "CVE-2018-16428",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c",
"Description": "In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/105210",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16428",
"https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9",
"https://gitlab.gnome.org/GNOME/glib/issues/1364",
"https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html",
"https://usn.ubuntu.com/3767-1/",
"https://usn.ubuntu.com/3767-2/"
]
},
{
"VulnerabilityID": "CVE-2019-12450",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress",
"Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450",
"https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/",
"https://security.netapp.com/advisory/ntap-20190606-0003/",
"https://usn.ubuntu.com/4014-1/",
"https://usn.ubuntu.com/4014-2/"
]
},
{
"VulnerabilityID": "CVE-2015-3217",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: stack overflow caused by mishandled group empty match (8.38/11)",
"Description": "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/.",
"Severity": "MEDIUM",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1566",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/06/03/7",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/75018",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bugs.exim.org/show_bug.cgi?id=1638",
"https://bugzilla.redhat.com/show_bug.cgi?id=1228283",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217"
]
},
{
"VulnerabilityID": "CVE-2015-5073",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "CVE-2015-8388 pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)",
"Description": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.",
"Severity": "MEDIUM",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-1025.html",
"http://rhn.redhat.com/errata/RHSA-2016-2750.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?revision=1609\u0026view=markup",
"http://vcs.pcre.org/pcre?view=revision\u0026revision=1571",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
"http://www.openwall.com/lists/oss-security/2015/06/26/1",
"http://www.openwall.com/lists/oss-security/2015/06/26/3",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/75430",
"http://www.securitytracker.com/id/1033154",
"https://access.redhat.com/errata/RHSA-2016:1132",
"https://bugs.exim.org/show_bug.cgi?id=1651",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2017-7244",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)",
"Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2017-7245",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2017-7246",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2018-16429",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c",
"Description": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429",
"https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b",
"https://gitlab.gnome.org/GNOME/glib/issues/1361",
"https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html",
"https://usn.ubuntu.com/3767-1/",
"https://usn.ubuntu.com/3767-2/"
]
},
{
"VulnerabilityID": "CVE-2019-13012",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glib2: insecure permissions for files and directories",
"Description": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-\u003edir, NULL, NULL) and files using g_file_replace_contents (kfsb-\u003efile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012",
"https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",
"https://gitlab.gnome.org/GNOME/glib/issues/1658",
"https://gitlab.gnome.org/GNOME/glib/merge_requests/450",
"https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html",
"https://security.netapp.com/advisory/ntap-20190806-0003/",
"https://usn.ubuntu.com/4049-1/",
"https://usn.ubuntu.com/4049-2/"
]
},
{
"VulnerabilityID": "CVE-2019-9633",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service",
"Description": "gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/107391",
"https://gitlab.gnome.org/GNOME/glib/issues/1649"
]
},
{
"VulnerabilityID": "CVE-2017-16231",
"PkgName": "glib2",
"InstalledVersion": "2.56.1-2.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service",
"Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.",
"Severity": "LOW",
"References": [
"http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2018/Dec/33",
"http://www.openwall.com/lists/oss-security/2017/11/01/11",
"http://www.openwall.com/lists/oss-security/2017/11/01/3",
"http://www.openwall.com/lists/oss-security/2017/11/01/7",
"http://www.openwall.com/lists/oss-security/2017/11/01/8",
"http://www.securityfocus.com/bid/101688",
"https://bugs.exim.org/show_bug.cgi?id=2047"
]
},
{
"VulnerabilityID": "CVE-2014-4043",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument",
"Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"http://seclists.org/fulldisclosure/2019/Jun/18",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:152",
"http://www.securityfocus.com/bid/68006",
"https://bugzilla.redhat.com/show_bug.cgi?id=1109263",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/93784",
"https://seclists.org/bugtraq/2019/Jun/14",
"https://security.gentoo.org/glsa/201503-04",
"https://sourceware.org/bugzilla/show_bug.cgi?id=17048",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362"
]
},
{
"VulnerabilityID": "CVE-2016-4429",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()",
"Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"http://www.securityfocus.com/bid/102073",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429",
"https://source.android.com/security/bulletin/2017-12-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20112",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c",
"https://usn.ubuntu.com/3759-1/",
"https://usn.ubuntu.com/3759-2/"
]
},
{
"VulnerabilityID": "CVE-2017-8804",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: memory leak in sunrpc when decoding malformed XDR",
"Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2017/05/05/2",
"http://www.securityfocus.com/bid/98339",
"https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21461",
"https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html"
]
},
{
"VulnerabilityID": "CVE-2019-1010022",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: stack guard protection bypass",
"Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.",
"Severity": "HIGH",
"References": [
"https://sourceware.org/bugzilla/show_bug.cgi?id=22850"
]
},
{
"VulnerabilityID": "CVE-2019-9169",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read",
"Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/107160",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278",
"https://security.netapp.com/advisory/ntap-20190315-0002/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24114",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9",
"https://support.f5.com/csp/article/K54823184"
]
},
{
"VulnerabilityID": "CVE-2009-5155",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result",
"Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238",
"https://security.netapp.com/advisory/ntap-20190315-0002/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=11053",
"https://sourceware.org/bugzilla/show_bug.cgi?id=18986",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672",
"https://support.f5.com/csp/article/K64119434"
]
},
{
"VulnerabilityID": "CVE-2015-8982",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: multiple overflows in strxfrm()",
"Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/02/13/3",
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72602",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982",
"https://sourceware.org/bugzilla/show_bug.cgi?id=16009",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed"
]
},
{
"VulnerabilityID": "CVE-2015-8983",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: _IO_wstr_overflow integer overflow",
"Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72740",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983",
"https://sourceware.org/bugzilla/show_bug.cgi?id=17269",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33",
"https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
]
},
{
"VulnerabilityID": "CVE-2015-8984",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: potential denial of service in internal_fnmatch()",
"Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/02/26/5",
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72789",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984",
"https://sourceware.org/bugzilla/show_bug.cgi?id=18032",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185",
"https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
]
},
{
"VulnerabilityID": "CVE-2015-8985",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: potential denial of service in pop_fail_stack()",
"Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/76916",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985",
"https://security.gentoo.org/glsa/201908-06"
]
},
{
"VulnerabilityID": "CVE-2016-10228",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: iconv program can hang when invoked with the -c option",
"Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
"Severity": "MEDIUM",
"References": [
"http://openwall.com/lists/oss-security/2017/03/01/10",
"http://www.securityfocus.com/bid/96525",
"https://sourceware.org/bugzilla/show_bug.cgi?id=19519"
]
},
{
"VulnerabilityID": "CVE-2016-10739",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"FixedVersion": "2.17-292.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: getaddrinfo should reject IP addresses with trailing characters",
"Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html",
"http://www.securityfocus.com/bid/106672",
"https://access.redhat.com/errata/RHSA-2019:2118",
"https://bugzilla.redhat.com/show_bug.cgi?id=1347549",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20018"
]
},
{
"VulnerabilityID": "CVE-2016-1234",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory",
"Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.",
"Severity": "MEDIUM",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html",
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
"http://www.openwall.com/lists/oss-security/2016/03/07/16",
"http://www.securityfocus.com/bid/84204",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234",
"https://security.gentoo.org/glsa/201702-11",
"https://sourceware.org/bugzilla/show_bug.cgi?id=19779",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea"
]
},
{
"VulnerabilityID": "CVE-2017-15671",
"PkgName": "glibc",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: Memory leak in glob with GLOB_TILDE",
"Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101517",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22325"
]
},
{
"VulnerabilityID": "CVE-2014-4043",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: posix_spawn_file_actions_addopen fails to copy the path argument",
"Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
"http://seclists.org/fulldisclosure/2019/Jun/18",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:152",
"http://www.securityfocus.com/bid/68006",
"https://bugzilla.redhat.com/show_bug.cgi?id=1109263",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/93784",
"https://seclists.org/bugtraq/2019/Jun/14",
"https://security.gentoo.org/glsa/201503-04",
"https://sourceware.org/bugzilla/show_bug.cgi?id=17048",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=ChangeLog;h=3020b9ac232315df362521aeaf85f21cb9926db8;hp=d86e73963dd9fb5e21b1a28326630337226812aa;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blobdiff;f=posix/spawn_faction_addopen.c;h=40800b8e6e81341501c0fb8a91009529e2048dec;hp=47f62425b696a4fdd511b2a057746322eb6518db;hb=89e435f3559c53084498e9baad22172b64429362;hpb=c3a2ebe1f7541cc35937621e08c28ff88afd0845",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362"
]
},
{
"VulnerabilityID": "CVE-2016-4429",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: libtirpc: stack (frame) overflow in Sun RPC clntudp_call()",
"Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"http://www.securityfocus.com/bid/102073",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429",
"https://source.android.com/security/bulletin/2017-12-01",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20112",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c",
"https://usn.ubuntu.com/3759-1/",
"https://usn.ubuntu.com/3759-2/"
]
},
{
"VulnerabilityID": "CVE-2017-8804",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: memory leak in sunrpc when decoding malformed XDR",
"Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2017/05/05/2",
"http://www.securityfocus.com/bid/98339",
"https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7",
"https://sourceware.org/bugzilla/show_bug.cgi?id=21461",
"https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html"
]
},
{
"VulnerabilityID": "CVE-2019-1010022",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: stack guard protection bypass",
"Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.",
"Severity": "HIGH",
"References": [
"https://sourceware.org/bugzilla/show_bug.cgi?id=22850"
]
},
{
"VulnerabilityID": "CVE-2019-9169",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read",
"Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/107160",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278",
"https://security.netapp.com/advisory/ntap-20190315-0002/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24114",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9",
"https://support.f5.com/csp/article/K54823184"
]
},
{
"VulnerabilityID": "CVE-2009-5155",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result",
"Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806",
"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238",
"https://security.netapp.com/advisory/ntap-20190315-0002/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=11053",
"https://sourceware.org/bugzilla/show_bug.cgi?id=18986",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672",
"https://support.f5.com/csp/article/K64119434"
]
},
{
"VulnerabilityID": "CVE-2015-8982",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: multiple overflows in strxfrm()",
"Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/02/13/3",
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72602",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982",
"https://sourceware.org/bugzilla/show_bug.cgi?id=16009",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0f9e585480ed"
]
},
{
"VulnerabilityID": "CVE-2015-8983",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: _IO_wstr_overflow integer overflow",
"Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72740",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983",
"https://sourceware.org/bugzilla/show_bug.cgi?id=17269",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33",
"https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
]
},
{
"VulnerabilityID": "CVE-2015-8984",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: potential denial of service in internal_fnmatch()",
"Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2015/02/26/5",
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/72789",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984",
"https://sourceware.org/bugzilla/show_bug.cgi?id=18032",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185",
"https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
]
},
{
"VulnerabilityID": "CVE-2015-8985",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: potential denial of service in pop_fail_stack()",
"Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2017/02/14/9",
"http://www.securityfocus.com/bid/76916",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985",
"https://security.gentoo.org/glsa/201908-06"
]
},
{
"VulnerabilityID": "CVE-2016-10228",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: iconv program can hang when invoked with the -c option",
"Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
"Severity": "MEDIUM",
"References": [
"http://openwall.com/lists/oss-security/2017/03/01/10",
"http://www.securityfocus.com/bid/96525",
"https://sourceware.org/bugzilla/show_bug.cgi?id=19519"
]
},
{
"VulnerabilityID": "CVE-2016-10739",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"FixedVersion": "2.17-292.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: getaddrinfo should reject IP addresses with trailing characters",
"Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html",
"http://www.securityfocus.com/bid/106672",
"https://access.redhat.com/errata/RHSA-2019:2118",
"https://bugzilla.redhat.com/show_bug.cgi?id=1347549",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739",
"https://sourceware.org/bugzilla/show_bug.cgi?id=20018"
]
},
{
"VulnerabilityID": "CVE-2016-1234",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory",
"Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.",
"Severity": "MEDIUM",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html",
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html",
"http://www.openwall.com/lists/oss-security/2016/03/07/16",
"http://www.securityfocus.com/bid/84204",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234",
"https://security.gentoo.org/glsa/201702-11",
"https://sourceware.org/bugzilla/show_bug.cgi?id=19779",
"https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5171f3079f2cc53e0548fc4967361f4d1ce9d7ea"
]
},
{
"VulnerabilityID": "CVE-2017-15671",
"PkgName": "glibc-common",
"InstalledVersion": "2.17-260.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "glibc: Memory leak in glob with GLOB_TILDE",
"Description": "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101517",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671",
"https://sourceware.org/bugzilla/show_bug.cgi?id=22325"
]
},
{
"VulnerabilityID": "CVE-2014-4617",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gnupg: infinite loop when decompressing data packets",
"Description": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.",
"Severity": "MEDIUM",
"References": [
"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342",
"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a",
"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html",
"http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html",
"http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html",
"http://secunia.com/advisories/59213",
"http://secunia.com/advisories/59351",
"http://secunia.com/advisories/59534",
"http://secunia.com/advisories/59578",
"http://www.debian.org/security/2014/dsa-2967",
"http://www.debian.org/security/2014/dsa-2968",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"http://www.ubuntu.com/usn/USN-2258-1"
]
},
{
"VulnerabilityID": "CVE-2018-9234",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys",
"Description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234",
"https://dev.gnupg.org/T3844",
"https://usn.ubuntu.com/3675-1/"
]
},
{
"VulnerabilityID": "CVE-2019-13050",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
"Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/articles/4264021",
"https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
"https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
"https://twitter.com/lambdafu/status/1147162583969009664"
]
},
{
"VulnerabilityID": "CVE-2014-3591",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)",
"Description": "No description is available for this CVE.",
"Severity": "LOW"
},
{
"VulnerabilityID": "CVE-2015-0837",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: last-level cache side-channel attack",
"Description": "No description is available for this CVE.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"
]
},
{
"VulnerabilityID": "CVE-2015-1606",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gnupg2: invalid memory read using a garbled keyring",
"Description": "No description is available for this CVE.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606"
]
},
{
"VulnerabilityID": "CVE-2015-1607",
"PkgName": "gnupg2",
"InstalledVersion": "2.0.22-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gnupg2: memcpy with overlapping ranges (keybox_search.c)",
"Description": "No description is available for this CVE.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607"
]
},
{
"VulnerabilityID": "CVE-2014-3564",
"PkgName": "gpgme",
"InstalledVersion": "1.3.2-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gpgme: heap-based buffer overflow in gpgsm status handler",
"Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"",
"Severity": "MEDIUM",
"References": [
"http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77",
"http://seclists.org/oss-sec/2014/q3/266",
"http://www.debian.org/security/2014/dsa-3005",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.osvdb.org/109699",
"http://www.securityfocus.com/bid/68990",
"https://bugzilla.redhat.com/show_bug.cgi?id=1113267"
]
},
{
"VulnerabilityID": "CVE-2015-2695",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: SPNEGO context aliasing bugs",
"Description": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.",
"Severity": "HIGH",
"References": [
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html",
"http://www.debian.org/security/2015/dsa-3395",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.securityfocus.com/bid/90687",
"http://www.securitytracker.com/id/1034084",
"http://www.ubuntu.com/usn/USN-2810-1",
"https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d",
"https://security.gentoo.org/glsa/201611-14"
]
},
{
"VulnerabilityID": "CVE-2015-2696",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: IAKERB context aliasing flaw",
"Description": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.",
"Severity": "HIGH",
"References": [
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html",
"http://www.debian.org/security/2015/dsa-3395",
"http://www.securityfocus.com/bid/90675",
"http://www.securitytracker.com/id/1034084",
"http://www.ubuntu.com/usn/USN-2810-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696",
"https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a",
"https://security.gentoo.org/glsa/201611-14"
]
},
{
"VulnerabilityID": "CVE-2017-11462",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: Automatic sec context deletion could lead to double-free",
"Description": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.",
"Severity": "HIGH",
"References": [
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598",
"https://bugzilla.redhat.com/show_bug.cgi?id=1488873",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462",
"https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"
]
},
{
"VulnerabilityID": "CVE-2017-15088",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: Buffer overflow in get_matching_data()",
"Description": "plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/101594",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698",
"https://bugzilla.redhat.com/show_bug.cgi?id=1504045",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088",
"https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4",
"https://github.com/krb5/krb5/pull/707"
]
},
{
"VulnerabilityID": "CVE-2015-2697",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: build_principal() memory flaw",
"Description": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.",
"Severity": "MEDIUM",
"References": [
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html",
"http://www.debian.org/security/2015/dsa-3395",
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"http://www.securityfocus.com/bid/77581",
"http://www.securitytracker.com/id/1034084",
"http://www.ubuntu.com/usn/USN-2810-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697",
"https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789",
"https://security.gentoo.org/glsa/201611-14"
]
},
{
"VulnerabilityID": "CVE-2018-5709",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
"Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
"Severity": "MEDIUM",
"References": [
"https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"
]
},
{
"VulnerabilityID": "CVE-2018-5710",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: null pointer deference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c",
"Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710",
"https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)"
]
},
{
"VulnerabilityID": "CVE-2014-5351",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: current keys returned when randomizing the keys for a service principal",
"Description": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.",
"Severity": "LOW",
"References": [
"http://advisories.mageia.org/MGASA-2014-0477.html",
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html",
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html",
"http://security.gentoo.org/glsa/glsa-201412-53.xml",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:224",
"http://www.securityfocus.com/bid/70380",
"http://www.securitytracker.com/id/1031003",
"http://www.ubuntu.com/usn/USN-2498-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1145425",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/97028",
"https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca",
"https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"
]
},
{
"VulnerabilityID": "CVE-2018-20217",
"PkgName": "krb5-libs",
"InstalledVersion": "1.15.1-37.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "krb5: Reachable assertion in the KDC using S4U2Self requests",
"Description": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.",
"Severity": "LOW",
"References": [
"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217",
"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/",
"https://security.netapp.com/advisory/ntap-20190416-0006/"
]
},
{
"VulnerabilityID": "CVE-2014-9114",
"PkgName": "libblkid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: command injection flaw in blkid",
"Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html",
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html",
"http://www.openwall.com/lists/oss-security/2014/11/26/21",
"http://www.securityfocus.com/bid/71327",
"https://bugzilla.redhat.com/show_bug.cgi?id=1168485",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993",
"https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc",
"https://security.gentoo.org/glsa/201612-14"
]
},
{
"VulnerabilityID": "CVE-2016-2779",
"PkgName": "libblkid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: runuser tty hijack via TIOCSTI ioctl",
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/27/1",
"http://www.openwall.com/lists/oss-security/2016/02/27/2",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779"
]
},
{
"VulnerabilityID": "CVE-2015-5218",
"PkgName": "libblkid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "colcrt: global-buffer-overflow",
"Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",
"Severity": "LOW",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html",
"http://www.spinics.net/lists/util-linux-ng/msg11873.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1259322",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218",
"https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8",
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec",
"https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes"
]
},
{
"VulnerabilityID": "CVE-2015-0247",
"PkgName": "libcom_err",
"InstalledVersion": "1.42.9-13.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "e2fsprogs: ext2fs_open2() missing first_meta_bg boundary check leading to heap buffer overflow (oCERT-015-002)",
"Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2015-0061.html",
"http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html",
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html",
"http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html",
"http://www.debian.org/security/2015/dsa-3166",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:045",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:067",
"http://www.ocert.org/advisories/ocert-2015-002.html",
"http://www.securityfocus.com/archive/1/534633/100/0/threaded",
"http://www.securityfocus.com/bid/72520",
"http://www.ubuntu.com/usn/USN-2507-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1187032",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100740",
"https://security.gentoo.org/glsa/201701-06"
]
},
{
"VulnerabilityID": "CVE-2015-1572",
"PkgName": "libcom_err",
"InstalledVersion": "1.42.9-13.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "e2fsprogs: potential buffer overflow in closefs() (incomplete CVE-2015-0247 fix)",
"Description": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2015-0088.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html",
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00006.html",
"http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html",
"http://www.debian.org/security/2015/dsa-3166",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:067",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:068",
"http://www.securityfocus.com/bid/72709",
"http://www.ubuntu.com/usn/USN-2507-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572",
"https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73",
"https://security.gentoo.org/glsa/201507-22"
]
},
{
"VulnerabilityID": "CVE-2018-14618",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"FixedVersion": "7.29.0-51.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: NTLM password overflow via integer overflow",
"Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"Severity": "CRITICAL",
"References": [
"http://www.securitytracker.com/id/1041605",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618",
"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"https://curl.haxx.se/docs/CVE-2018-14618.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014",
"https://security.gentoo.org/glsa/201903-03",
"https://usn.ubuntu.com/3765-1/",
"https://usn.ubuntu.com/3765-2/",
"https://www.debian.org/security/2018/dsa-4286"
]
},
{
"VulnerabilityID": "CVE-2016-8618",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Double-free in curl_maprintf",
"Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94098",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618",
"https://curl.haxx.se/docs/adv_20161102D.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8619",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Double-free in krb5 code",
"Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94100",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619",
"https://curl.haxx.se/CVE-2016-8619.patch",
"https://curl.haxx.se/docs/adv_20161102E.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8622",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: URL unescape heap overflow via integer truncation",
"Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
"Severity": "HIGH",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94105",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622",
"https://curl.haxx.se/docs/adv_20161102H.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2017-8817",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: FTP wildcard out of bounds read",
"Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.",
"Severity": "HIGH",
"References": [
"http://security.cucumberlinux.com/security/details.php?id=162",
"http://www.securityfocus.com/bid/102057",
"http://www.securitytracker.com/id/1039897",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_2017-ae72.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html",
"https://security.gentoo.org/glsa/201712-04",
"https://www.debian.org/security/2017/dsa-4051"
]
},
{
"VulnerabilityID": "CVE-2019-5482",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: heap buffer overflow in function tftp_receive_packet()",
"Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
"https://curl.haxx.se/docs/CVE-2019-5482.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
]
},
{
"VulnerabilityID": "CVE-2015-3153",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: sensitive HTTP server headers also sent to proxies",
"Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
"Severity": "MEDIUM",
"References": [
"http://curl.haxx.se/docs/adv_20150429.html",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html",
"http://www.debian.org/security/2015/dsa-3240",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/74408",
"http://www.securitytracker.com/id/1032233",
"http://www.ubuntu.com/usn/USN-2591-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10131",
"https://support.apple.com/kb/HT205031"
]
},
{
"VulnerabilityID": "CVE-2016-0755",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: NTLM credentials not-checked for proxy connection re-use",
"Description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
"Severity": "MEDIUM",
"References": [
"http://curl.haxx.se/docs/adv_20160127A.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html",
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html",
"http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html",
"http://www.debian.org/security/2016/dsa-3455",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/82307",
"http://www.securitytracker.com/id/1034882",
"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965",
"http://www.ubuntu.com/usn/USN-2882-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755",
"https://security.gentoo.org/glsa/201701-47",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2016-8615",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Cookie injection for other servers",
"Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94096",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615",
"https://curl.haxx.se/CVE-2016-8615.patch",
"https://curl.haxx.se/docs/adv_20161102A.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8616",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Case insensitive password comparison",
"Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94094",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616",
"https://curl.haxx.se/CVE-2016-8616.patch",
"https://curl.haxx.se/docs/adv_20161102B.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8617",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Out-of-bounds write via unchecked multiplication",
"Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94097",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617",
"https://curl.haxx.se/CVE-2016-8617.patch",
"https://curl.haxx.se/docs/adv_20161102C.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8621",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: curl_getdate out-of-bounds read",
"Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94101",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621",
"https://curl.haxx.se/CVE-2016-8621.patch",
"https://curl.haxx.se/docs/adv_20161102G.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8623",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Use-after-free via shared cookies",
"Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94106",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623",
"https://curl.haxx.se/CVE-2016-8623.patch",
"https://curl.haxx.se/docs/adv_20161102I.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8624",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Invalid URL parsing with '#'",
"Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/94103",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624",
"https://curl.haxx.se/docs/adv_20161102J.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-8625",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: IDNA 2003 makes curl use wrong host",
"Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94107",
"http://www.securitytracker.com/id/1037192",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625",
"https://curl.haxx.se/CVE-2016-8625.patch",
"https://curl.haxx.se/docs/adv_20161102K.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625",
"https://security.gentoo.org/glsa/201701-47",
"https://www.tenable.com/security/tns-2016-21"
]
},
{
"VulnerabilityID": "CVE-2016-9586",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: printf floating point buffer overflow",
"Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
"Severity": "MEDIUM",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/95019",
"http://www.securitytracker.com/id/1037515",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586",
"https://curl.haxx.se/docs/adv_20161221A.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586",
"https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html",
"https://security.gentoo.org/glsa/201701-47"
]
},
{
"VulnerabilityID": "CVE-2017-1000100",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: TFTP sends more than buffer size",
"Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3992",
"http://www.securityfocus.com/bid/100286",
"http://www.securitytracker.com/id/1039118",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_20170809B.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100",
"https://security.gentoo.org/glsa/201709-14",
"https://support.apple.com/HT208221"
]
},
{
"VulnerabilityID": "CVE-2017-1000254",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: FTP PWD response parser out of bounds read",
"Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3992",
"http://www.securityfocus.com/bid/101115",
"http://www.securitytracker.com/id/1039509",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/673d0cd8.patch",
"https://curl.haxx.se/docs/adv_20171004.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254",
"https://security.gentoo.org/glsa/201712-04",
"https://support.apple.com/HT208331"
]
},
{
"VulnerabilityID": "CVE-2018-16842",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"FixedVersion": "7.29.0-54.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: Heap-based buffer over-read in the curl tool warning formatting",
"Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"Severity": "MEDIUM",
"References": [
"http://www.securitytracker.com/id/1042014",
"https://access.redhat.com/errata/RHSA-2019:2181",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
"https://curl.haxx.se/docs/CVE-2018-16842.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842",
"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html",
"https://security.gentoo.org/glsa/201903-03",
"https://usn.ubuntu.com/3805-1/",
"https://usn.ubuntu.com/3805-2/",
"https://www.debian.org/security/2018/dsa-4331"
]
},
{
"VulnerabilityID": "CVE-2019-5436",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function",
"Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html",
"https://curl.haxx.se/docs/CVE-2019-5436.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/",
"https://security.netapp.com/advisory/ntap-20190606-0004/"
]
},
{
"VulnerabilityID": "CVE-2017-7407",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "curl: --write-out out of bounds read",
"Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
"Severity": "LOW",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://curl.haxx.se/docs/adv_20170403.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407",
"https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13",
"https://security.gentoo.org/glsa/201709-14"
]
},
{
"VulnerabilityID": "CVE-2018-20483",
"PkgName": "libcurl",
"InstalledVersion": "7.29.0-51.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "wget: Information exposure in set_file_metadata function in xattr.c",
"Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",
"Severity": "LOW",
"References": [
"http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS",
"http://www.securityfocus.com/bid/106358",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483",
"https://security.gentoo.org/glsa/201903-08",
"https://security.netapp.com/advisory/ntap-20190321-0002/",
"https://twitter.com/marcan42/status/1077676739877232640",
"https://usn.ubuntu.com/3943-1/"
]
},
{
"VulnerabilityID": "CVE-2017-10140",
"PkgName": "libdb",
"InstalledVersion": "5.3.21-24.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libdb: Reads DB_CONFIG from the current working directory",
"Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2017/q3/285",
"http://www.postfix.org/announcements/postfix-3.2.2.html",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140"
]
},
{
"VulnerabilityID": "CVE-2017-10140",
"PkgName": "libdb-utils",
"InstalledVersion": "5.3.21-24.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libdb: Reads DB_CONFIG from the current working directory",
"Description": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2017/q3/285",
"http://www.postfix.org/announcements/postfix-3.2.2.html",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140"
]
},
{
"VulnerabilityID": "CVE-2014-5044",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: integer overflow flaws in libgfortran",
"Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2014/07/24/1",
"http://www.openwall.com/lists/oss-security/2014/07/31/6",
"https://bugzilla.redhat.com/show_bug.cgi?id=1122812",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94849",
"https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721"
]
},
{
"VulnerabilityID": "CVE-2015-5276",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Predictable randomness from std::random_device",
"Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
"http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
"http://www.securitytracker.com/id/1034375",
"https://bugzilla.redhat.com/show_bug.cgi?id=1262846",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142"
]
},
{
"VulnerabilityID": "CVE-2016-2226",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Exploitable buffer overflow",
"Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90103",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687",
"https://www.exploit-db.com/exploits/42386/"
]
},
{
"VulnerabilityID": "CVE-2016-4487",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array btypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4488",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array ktypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4489",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to integer overflow",
"Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90017",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492"
]
},
{
"VulnerabilityID": "CVE-2016-4490",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Write access violation",
"Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90019",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498"
]
},
{
"VulnerabilityID": "CVE-2016-4491",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Stack overflow due to infinite recursion in d_print_comp",
"Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90016",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"
]
},
{
"VulnerabilityID": "CVE-2016-4492",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-4493",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-6131",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc,gdb,binutils,libitm: Stack overflow vulnerability in libiberty demangler",
"Description": "The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/06/30/4",
"http://www.openwall.com/lists/oss-security/2016/06/30/7",
"http://www.securityfocus.com/bid/91519",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696",
"https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html"
]
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106444",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://support.f5.com/csp/article/K62602089"
]
},
{
"VulnerabilityID": "CVE-2018-20673",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Integer overflow in demangle_template() function",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106454",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24039"
]
},
{
"VulnerabilityID": "CVE-2019-14250",
"PkgName": "libgcc",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow",
"Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/109354",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924",
"https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html",
"https://security.netapp.com/advisory/ntap-20190822-0002/"
]
},
{
"VulnerabilityID": "CVE-2017-7526",
"PkgName": "libgcrypt",
"InstalledVersion": "1.5.3-14.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery",
"Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/99338",
"http://www.securitytracker.com/id/1038915",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526",
"https://eprint.iacr.org/2017/627",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9",
"https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html",
"https://usn.ubuntu.com/3733-1/",
"https://usn.ubuntu.com/3733-2/",
"https://www.debian.org/security/2017/dsa-3901",
"https://www.debian.org/security/2017/dsa-3960"
]
},
{
"VulnerabilityID": "CVE-2019-12904",
"PkgName": "libgcrypt",
"InstalledVersion": "1.5.3-14.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack",
"Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html",
"https://dev.gnupg.org/T4541",
"https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
"https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
"https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html"
]
},
{
"VulnerabilityID": "CVE-2014-3591",
"PkgName": "libgcrypt",
"InstalledVersion": "1.5.3-14.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: use ciphertext blinding for Elgamal decryption (new side-channel attack)",
"Description": "No description is available for this CVE.",
"Severity": "LOW"
},
{
"VulnerabilityID": "CVE-2014-5270",
"PkgName": "libgcrypt",
"InstalledVersion": "1.5.3-14.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: ELGAMAL side-channel attack",
"Description": "Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.",
"Severity": "LOW",
"References": [
"http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html",
"http://openwall.com/lists/oss-security/2014/08/16/2",
"http://www.cs.tau.ac.il/~tromer/handsoff/",
"http://www.debian.org/security/2014/dsa-3024",
"http://www.debian.org/security/2014/dsa-3073"
]
},
{
"VulnerabilityID": "CVE-2015-0837",
"PkgName": "libgcrypt",
"InstalledVersion": "1.5.3-14.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libgcrypt: last-level cache side-channel attack",
"Description": "No description is available for this CVE.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837"
]
},
{
"VulnerabilityID": "CVE-2015-2059",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn: out-of-bounds read with stringprep on invalid UTF-8",
"Description": "The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.",
"Severity": "HIGH",
"References": [
"http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html",
"http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html",
"http://www.debian.org/security/2016/dsa-3578",
"http://www.openwall.com/lists/oss-security/2015/02/23/25",
"http://www.securityfocus.com/bid/72736",
"http://www.ubuntu.com/usn/USN-3068-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059",
"https://github.com/jabberd2/jabberd2/issues/85"
]
},
{
"VulnerabilityID": "CVE-2017-14062",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn2: Integer overflow in puny_decode.c/decode_digit",
"Description": "Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.",
"Severity": "HIGH",
"References": [
"http://www.debian.org/security/2017/dsa-3988",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062",
"https://gitlab.com/libidn/libidn2/blob/master/NEWS",
"https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd",
"https://lists.debian.org/debian-lts-announce/2018/07/msg00040.html"
]
},
{
"VulnerabilityID": "CVE-2015-8948",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn: Out-of-bounds read due to use of fgets with fixed-size buffer",
"Description": "idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html",
"http://www.debian.org/security/2016/dsa-3658",
"http://www.openwall.com/lists/oss-security/2016/07/20/6",
"http://www.openwall.com/lists/oss-security/2016/07/21/4",
"http://www.securityfocus.com/bid/92070",
"http://www.ubuntu.com/usn/USN-3068-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948",
"https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
]
},
{
"VulnerabilityID": "CVE-2016-6261",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn: Out of bounds stack read in idna_to_ascii_4i",
"Description": "The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html",
"http://www.debian.org/security/2016/dsa-3658",
"http://www.openwall.com/lists/oss-security/2016/07/20/6",
"http://www.openwall.com/lists/oss-security/2016/07/21/4",
"http://www.securityfocus.com/bid/92070",
"http://www.ubuntu.com/usn/USN-3068-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261",
"https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html",
"https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
]
},
{
"VulnerabilityID": "CVE-2016-6262",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn: Out-of-bounds read when reading zero byte as input",
"Description": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html",
"http://www.openwall.com/lists/oss-security/2016/07/20/6",
"http://www.openwall.com/lists/oss-security/2016/07/21/4",
"http://www.securityfocus.com/bid/92070",
"http://www.ubuntu.com/usn/USN-3068-1",
"https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
]
},
{
"VulnerabilityID": "CVE-2016-6263",
"PkgName": "libidn",
"InstalledVersion": "1.28-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libidn: Crash when given invalid UTF-8 data on input",
"Description": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html",
"http://www.debian.org/security/2016/dsa-3658",
"http://www.openwall.com/lists/oss-security/2016/07/20/6",
"http://www.openwall.com/lists/oss-security/2016/07/21/4",
"http://www.securityfocus.com/bid/92070",
"http://www.ubuntu.com/usn/USN-3068-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6263",
"https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
]
},
{
"VulnerabilityID": "CVE-2014-9114",
"PkgName": "libmount",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: command injection flaw in blkid",
"Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html",
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html",
"http://www.openwall.com/lists/oss-security/2014/11/26/21",
"http://www.securityfocus.com/bid/71327",
"https://bugzilla.redhat.com/show_bug.cgi?id=1168485",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993",
"https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc",
"https://security.gentoo.org/glsa/201612-14"
]
},
{
"VulnerabilityID": "CVE-2016-2779",
"PkgName": "libmount",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: runuser tty hijack via TIOCSTI ioctl",
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/27/1",
"http://www.openwall.com/lists/oss-security/2016/02/27/2",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779"
]
},
{
"VulnerabilityID": "CVE-2015-5218",
"PkgName": "libmount",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "colcrt: global-buffer-overflow",
"Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",
"Severity": "LOW",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html",
"http://www.spinics.net/lists/util-linux-ng/msg11873.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1259322",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218",
"https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8",
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec",
"https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes"
]
},
{
"VulnerabilityID": "CVE-2014-9114",
"PkgName": "libsmartcols",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: command injection flaw in blkid",
"Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html",
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html",
"http://www.openwall.com/lists/oss-security/2014/11/26/21",
"http://www.securityfocus.com/bid/71327",
"https://bugzilla.redhat.com/show_bug.cgi?id=1168485",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993",
"https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc",
"https://security.gentoo.org/glsa/201612-14"
]
},
{
"VulnerabilityID": "CVE-2016-2779",
"PkgName": "libsmartcols",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: runuser tty hijack via TIOCSTI ioctl",
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/27/1",
"http://www.openwall.com/lists/oss-security/2016/02/27/2",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779"
]
},
{
"VulnerabilityID": "CVE-2015-5218",
"PkgName": "libsmartcols",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "colcrt: global-buffer-overflow",
"Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",
"Severity": "LOW",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html",
"http://www.spinics.net/lists/util-linux-ng/msg11873.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1259322",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218",
"https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8",
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec",
"https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes"
]
},
{
"VulnerabilityID": "CVE-2019-3855",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.4.3-12.el7_6.2",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Integer overflow in transport read resulting in out of bounds write",
"Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"Severity": "CRITICAL",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"http://www.openwall.com/lists/oss-security/2019/03/18/3",
"http://www.securityfocus.com/bid/107485",
"https://access.redhat.com/errata/RHSA-2019:0679",
"https://access.redhat.com/errata/RHSA-2019:1175",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://seclists.org/bugtraq/2019/Mar/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3855.html"
]
},
{
"VulnerabilityID": "CVE-2019-13115",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write",
"Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",
"Severity": "MEDIUM",
"References": [
"https://blog.semmle.com/libssh2-integer-overflow/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115",
"https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa",
"https://github.com/libssh2/libssh2/pull/350",
"https://libssh2.org/changes.html",
"https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
]
},
{
"VulnerabilityID": "CVE-2019-3856",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.4.3-12.el7_6.2",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write",
"Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"https://access.redhat.com/errata/RHSA-2019:0679",
"https://access.redhat.com/errata/RHSA-2019:1175",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3856.html"
]
},
{
"VulnerabilityID": "CVE-2019-3857",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.4.3-12.el7_6.2",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write",
"Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"https://access.redhat.com/errata/RHSA-2019:0679",
"https://access.redhat.com/errata/RHSA-2019:1175",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3857.html"
]
},
{
"VulnerabilityID": "CVE-2019-3858",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.8.0-3.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read",
"Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"http://www.openwall.com/lists/oss-security/2019/03/18/3",
"http://www.securityfocus.com/bid/107485",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://seclists.org/bugtraq/2019/Mar/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3858.html"
]
},
{
"VulnerabilityID": "CVE-2019-3859",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read",
"Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html",
"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"http://www.openwall.com/lists/oss-security/2019/03/18/3",
"http://www.securityfocus.com/bid/107485",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3859",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00006.html",
"https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://seclists.org/bugtraq/2019/Mar/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3859.html"
]
},
{
"VulnerabilityID": "CVE-2019-3860",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Out-of-bounds reads with specially crafted SFTP packets",
"Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3860.html"
]
},
{
"VulnerabilityID": "CVE-2019-3861",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.8.0-3.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets",
"Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3861.html"
]
},
{
"VulnerabilityID": "CVE-2019-3862",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.4.3-12.el7_6.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request",
"Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
"http://www.openwall.com/lists/oss-security/2019/03/18/3",
"http://www.securityfocus.com/bid/107485",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://seclists.org/bugtraq/2019/Mar/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3862.html"
]
},
{
"VulnerabilityID": "CVE-2019-3863",
"PkgName": "libssh2",
"InstalledVersion": "1.4.3-12.el7",
"FixedVersion": "1.4.3-12.el7_6.2",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes",
"Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
"https://access.redhat.com/errata/RHSA-2019:0679",
"https://access.redhat.com/errata/RHSA-2019:1175",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
"https://seclists.org/bugtraq/2019/Apr/25",
"https://security.netapp.com/advisory/ntap-20190327-0005/",
"https://www.debian.org/security/2019/dsa-4431",
"https://www.libssh2.org/CVE-2019-3863.html"
]
},
{
"VulnerabilityID": "CVE-2014-5044",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: integer overflow flaws in libgfortran",
"Description": "Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2014/07/24/1",
"http://www.openwall.com/lists/oss-security/2014/07/31/6",
"https://bugzilla.redhat.com/show_bug.cgi?id=1122812",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5044",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94849",
"https://gcc.gnu.org/viewcvs/gcc/trunk/libgfortran/ChangeLog?limit_changes=0\u0026view=markup\u0026pathrev=211721"
]
},
{
"VulnerabilityID": "CVE-2015-5276",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Predictable randomness from std::random_device",
"Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
"http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
"http://www.securitytracker.com/id/1034375",
"https://bugzilla.redhat.com/show_bug.cgi?id=1262846",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142"
]
},
{
"VulnerabilityID": "CVE-2016-2226",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Exploitable buffer overflow",
"Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90103",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687",
"https://www.exploit-db.com/exploits/42386/"
]
},
{
"VulnerabilityID": "CVE-2016-4487",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array btypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4488",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to a use-after-free to array ktypevec",
"Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90025",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481"
]
},
{
"VulnerabilityID": "CVE-2016-4489",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Invalid write due to integer overflow",
"Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90017",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492"
]
},
{
"VulnerabilityID": "CVE-2016-4490",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Write access violation",
"Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90019",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498"
]
},
{
"VulnerabilityID": "CVE-2016-4491",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Stack overflow due to infinite recursion in d_print_comp",
"Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90016",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html"
]
},
{
"VulnerabilityID": "CVE-2016-4492",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-4493",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc: Read access violations",
"Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/05/05/5",
"http://www.securityfocus.com/bid/90014",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926",
"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html"
]
},
{
"VulnerabilityID": "CVE-2016-6131",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "gcc,gdb,binutils,libitm: Stack overflow vulnerability in libiberty demangler",
"Description": "The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/06/30/4",
"http://www.openwall.com/lists/oss-security/2016/06/30/7",
"http://www.securityfocus.com/bid/91519",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696",
"https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html"
]
},
{
"VulnerabilityID": "CVE-2018-20657",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106444",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
"https://support.f5.com/csp/article/K62602089"
]
},
{
"VulnerabilityID": "CVE-2018-20673",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libiberty: Integer overflow in demangle_template() function",
"Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/106454",
"https://sourceware.org/bugzilla/show_bug.cgi?id=24039"
]
},
{
"VulnerabilityID": "CVE-2019-14250",
"PkgName": "libstdc++",
"InstalledVersion": "4.8.5-36.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow",
"Description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/109354",
"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924",
"https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html",
"https://security.netapp.com/advisory/ntap-20190822-0002/"
]
},
{
"VulnerabilityID": "CVE-2018-1000654",
"PkgName": "libtasn1",
"InstalledVersion": "4.10-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion",
"Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html",
"http://www.securityfocus.com/bid/105151",
"https://gitlab.com/gnutls/libtasn1/issues/4"
]
},
{
"VulnerabilityID": "CVE-2016-4008",
"PkgName": "libtasn1",
"InstalledVersion": "4.10-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libtasn1: infinite loop while parsing DER certificates",
"Description": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625",
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html",
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html",
"http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html",
"http://www.debian.org/security/2016/dsa-3568",
"http://www.openwall.com/lists/oss-security/2016/04/11/3",
"http://www.ubuntu.com/usn/USN-2957-1",
"http://www.ubuntu.com/usn/USN-2957-2",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008",
"https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html",
"https://security.gentoo.org/glsa/201703-05"
]
},
{
"VulnerabilityID": "CVE-2017-10790",
"PkgName": "libtasn1",
"InstalledVersion": "4.10-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libtasn1: NULL pointer dereference in the _asn1_check_identifier function",
"Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464141",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790",
"https://security.gentoo.org/glsa/201710-11",
"https://usn.ubuntu.com/3547-1/",
"https://www.debian.org/security/2018/dsa-4106"
]
},
{
"VulnerabilityID": "CVE-2017-6891",
"PkgName": "libtasn1",
"InstalledVersion": "4.10-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libtasn1: Stack-based buffer overflow in asn1_find_node()",
"Description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html",
"http://www.debian.org/security/2017/dsa-3861",
"http://www.securityfocus.com/bid/98641",
"http://www.securitytracker.com/id/1038619",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891",
"https://secuniaresearch.flexerasoftware.com/advisories/76125/",
"https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/",
"https://security.gentoo.org/glsa/201710-11"
]
},
{
"VulnerabilityID": "CVE-2018-6003",
"PkgName": "libtasn1",
"InstalledVersion": "4.10-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libtasn1: Stack exhaustion due to indefinite recursion during BER decoding",
"Description": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97",
"https://bugzilla.redhat.com/show_bug.cgi?id=1535926",
"https://bugzilla.suse.com/show_bug.cgi?id=1076832",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003",
"https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910",
"https://www.debian.org/security/2018/dsa-4106"
]
},
{
"VulnerabilityID": "CVE-2014-9114",
"PkgName": "libuuid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: command injection flaw in blkid",
"Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html",
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html",
"http://www.openwall.com/lists/oss-security/2014/11/26/21",
"http://www.securityfocus.com/bid/71327",
"https://bugzilla.redhat.com/show_bug.cgi?id=1168485",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993",
"https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc",
"https://security.gentoo.org/glsa/201612-14"
]
},
{
"VulnerabilityID": "CVE-2016-2779",
"PkgName": "libuuid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: runuser tty hijack via TIOCSTI ioctl",
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/27/1",
"http://www.openwall.com/lists/oss-security/2016/02/27/2",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779"
]
},
{
"VulnerabilityID": "CVE-2015-5218",
"PkgName": "libuuid",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "colcrt: global-buffer-overflow",
"Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",
"Severity": "LOW",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html",
"http://www.spinics.net/lists/util-linux-ng/msg11873.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1259322",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218",
"https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8",
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec",
"https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes"
]
},
{
"VulnerabilityID": "CVE-2016-4658",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Use after free via namespace node in XPointer ranges",
"Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",
"Severity": "CRITICAL",
"References": [
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html",
"http://www.securityfocus.com/bid/93054",
"http://www.securitytracker.com/id/1036858",
"http://www.securitytracker.com/id/1038623",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658",
"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b",
"https://github.com/sparklemotion/nokogiri/issues/1615",
"https://security.gentoo.org/glsa/201701-37",
"https://support.apple.com/HT207141",
"https://support.apple.com/HT207142",
"https://support.apple.com/HT207143",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2017-16931",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Mishandling parameter-entity references",
"Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.",
"Severity": "HIGH",
"References": [
"http://xmlsoft.org/news.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=766956",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931",
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"
]
},
{
"VulnerabilityID": "CVE-2017-7375",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Missing validation for external entities in xmlParsePEReference",
"Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/98877",
"http://www.securitytracker.com/id/1038623",
"https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa",
"https://bugzilla.redhat.com/show_bug.cgi?id=1462203",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375",
"https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e",
"https://security.gentoo.org/glsa/201711-01",
"https://source.android.com/security/bulletin/2017-06-01",
"https://www.debian.org/security/2017/dsa-3952"
]
},
{
"VulnerabilityID": "CVE-2015-8806",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: heap-buffer overread in dict.c",
"Description": "dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"\u003c!DOCTYPE html\" substring in a crafted HTML document.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/03/5",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/82071",
"http://www.ubuntu.com/usn/USN-2994-1",
"http://www.ubuntu.com/usn/usn-2994-1/",
"https://bugzilla.gnome.org/show_bug.cgi?id=749115",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806",
"https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028",
"https://github.com/sparklemotion/nokogiri/issues/1473",
"https://mail.gnome.org/archives/xml/2016-May/msg00023.html",
"https://security.gentoo.org/glsa/201701-37",
"https://www.debian.org/security/2016/dsa-3593"
]
},
{
"VulnerabilityID": "CVE-2016-2073",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: out-of-bounds read in htmlParseNameComplex()",
"Description": "The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/01/25/6",
"http://www.openwall.com/lists/oss-security/2016/01/26/7",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/85267",
"http://www.securitytracker.com/id/1035011",
"http://www.ubuntu.com/usn/USN-2994-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073",
"https://security.gentoo.org/glsa/201701-37",
"https://www.debian.org/security/2016/dsa-3593"
]
},
{
"VulnerabilityID": "CVE-2016-4483",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: out-of-bounds read",
"Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.",
"Severity": "MEDIUM",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.debian.org/security/2016/dsa-3593",
"http://www.openwall.com/lists/oss-security/2016/05/03/8",
"http://www.openwall.com/lists/oss-security/2016/05/04/7",
"http://www.openwall.com/lists/oss-security/2016/06/07/4",
"http://www.openwall.com/lists/oss-security/2016/06/07/5",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/90013",
"http://www.securitytracker.com/id/1036348",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483",
"https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd",
"https://security.gentoo.org/glsa/201701-37",
"https://www.tenable.com/security/tns-2016-18"
]
},
{
"VulnerabilityID": "CVE-2016-5131",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: use after free triggered by XPointer paths beginning with range-to",
"Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"Severity": "MEDIUM",
"References": [
"http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html",
"http://rhn.redhat.com/errata/RHSA-2016-1485.html",
"http://www.debian.org/security/2016/dsa-3637",
"http://www.securityfocus.com/bid/92053",
"http://www.securitytracker.com/id/1036428",
"http://www.securitytracker.com/id/1038623",
"http://www.ubuntu.com/usn/USN-3041-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1358641",
"https://codereview.chromium.org/2127493002",
"https://crbug.com/623378",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
"https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"https://security.gentoo.org/glsa/201610-09",
"https://security.gentoo.org/glsa/201701-37",
"https://source.android.com/security/bulletin/2017-05-01",
"https://support.apple.com/HT207141",
"https://support.apple.com/HT207142",
"https://support.apple.com/HT207143",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2016-9318",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: XML External Entity vulnerability",
"Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94347",
"https://bugzilla.gnome.org/show_bug.cgi?id=772726",
"https://github.com/lsh123/xmlsec/issues/43",
"https://security.gentoo.org/glsa/201711-01",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/3739-2/"
]
},
{
"VulnerabilityID": "CVE-2017-0663",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap buffer overflow in xmlAddID",
"Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.securityfocus.com/bid/98877",
"http://www.securitytracker.com/id/1038623",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663",
"https://security.gentoo.org/glsa/201711-01",
"https://source.android.com/security/bulletin/2017-06-01"
]
},
{
"VulnerabilityID": "CVE-2017-15412",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "chromium-browser: use after free in libxml",
"Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Severity": "MEDIUM",
"References": [
"http://www.securitytracker.com/id/1040348",
"https://access.redhat.com/errata/RHSA-2017:3401",
"https://access.redhat.com/errata/RHSA-2018:0287",
"https://bugzilla.gnome.org/show_bug.cgi?id=783160",
"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"https://crbug.com/727039",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412",
"https://github.com/sparklemotion/nokogiri/issues/1714",
"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html",
"https://security.gentoo.org/glsa/201801-03",
"https://usn.ubuntu.com/usn/usn-3513-1/",
"https://www.debian.org/security/2018/dsa-4086"
]
},
{
"VulnerabilityID": "CVE-2017-16932",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Infinite recursion in parameter entities",
"Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.",
"Severity": "MEDIUM",
"References": [
"http://xmlsoft.org/news.html",
"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=759579",
"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961",
"https://github.com/sparklemotion/nokogiri/issues/1714",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/usn/usn-3504-1/"
]
},
{
"VulnerabilityID": "CVE-2017-18258",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: denial of service in xz_head function in xzlib.c",
"Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258",
"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://security.netapp.com/advisory/ntap-20190719-0001/",
"https://usn.ubuntu.com/3739-1/"
]
},
{
"VulnerabilityID": "CVE-2017-8872",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish",
"Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.gnome.org/show_bug.cgi?id=775200",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872"
]
},
{
"VulnerabilityID": "CVE-2017-9047",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent",
"Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98599",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9048",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98556",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9049",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98601",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9050",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98568",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050",
"https://github.com/sparklemotion/nokogiri/issues/1673",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html",
"https://security.gentoo.org/glsa/201711-01",
"https://usn.ubuntu.com/usn/usn-3424-1/"
]
},
{
"VulnerabilityID": "CVE-2018-14404",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service",
"Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",
"Severity": "MEDIUM",
"References": [
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817",
"https://bugzilla.redhat.com/show_bug.cgi?id=1595985",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404",
"https://github.com/sparklemotion/nokogiri/issues/1785",
"https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74",
"https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594",
"https://gitlab.gnome.org/GNOME/libxml2/issues/10",
"https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/3739-2/"
]
},
{
"VulnerabilityID": "CVE-2018-14567",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file",
"Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105198",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567",
"https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://usn.ubuntu.com/3739-1/"
]
},
{
"VulnerabilityID": "CVE-2015-8035",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled",
"Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.",
"Severity": "LOW",
"References": [
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html",
"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"http://www.debian.org/security/2015/dsa-3430",
"http://www.openwall.com/lists/oss-security/2015/11/02/2",
"http://www.openwall.com/lists/oss-security/2015/11/02/4",
"http://www.openwall.com/lists/oss-security/2015/11/03/1",
"http://www.securityfocus.com/bid/77390",
"http://www.securitytracker.com/id/1034243",
"http://www.ubuntu.com/usn/USN-2812-1",
"http://xmlsoft.org/news.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=757466",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"https://security.gentoo.org/glsa/201701-37",
"https://support.apple.com/HT206166",
"https://support.apple.com/HT206167",
"https://support.apple.com/HT206168",
"https://support.apple.com/HT206169"
]
},
{
"VulnerabilityID": "CVE-2017-5969",
"PkgName": "libxml2",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation",
"Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2016/11/05/3",
"http://www.openwall.com/lists/oss-security/2017/02/13/1",
"http://www.securityfocus.com/bid/96188",
"https://bugzilla.gnome.org/show_bug.cgi?id=778519",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2016-4658",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Use after free via namespace node in XPointer ranges",
"Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",
"Severity": "CRITICAL",
"References": [
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html",
"http://www.securityfocus.com/bid/93054",
"http://www.securitytracker.com/id/1036858",
"http://www.securitytracker.com/id/1038623",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658",
"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b",
"https://github.com/sparklemotion/nokogiri/issues/1615",
"https://security.gentoo.org/glsa/201701-37",
"https://support.apple.com/HT207141",
"https://support.apple.com/HT207142",
"https://support.apple.com/HT207143",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2017-16931",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Mishandling parameter-entity references",
"Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.",
"Severity": "HIGH",
"References": [
"http://xmlsoft.org/news.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=766956",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931",
"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"
]
},
{
"VulnerabilityID": "CVE-2017-7375",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Missing validation for external entities in xmlParsePEReference",
"Description": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/98877",
"http://www.securitytracker.com/id/1038623",
"https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa",
"https://bugzilla.redhat.com/show_bug.cgi?id=1462203",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375",
"https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e",
"https://security.gentoo.org/glsa/201711-01",
"https://source.android.com/security/bulletin/2017-06-01",
"https://www.debian.org/security/2017/dsa-3952"
]
},
{
"VulnerabilityID": "CVE-2015-8806",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: heap-buffer overread in dict.c",
"Description": "dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"\u003c!DOCTYPE html\" substring in a crafted HTML document.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/03/5",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/82071",
"http://www.ubuntu.com/usn/USN-2994-1",
"http://www.ubuntu.com/usn/usn-2994-1/",
"https://bugzilla.gnome.org/show_bug.cgi?id=749115",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806",
"https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028",
"https://github.com/sparklemotion/nokogiri/issues/1473",
"https://mail.gnome.org/archives/xml/2016-May/msg00023.html",
"https://security.gentoo.org/glsa/201701-37",
"https://www.debian.org/security/2016/dsa-3593"
]
},
{
"VulnerabilityID": "CVE-2016-2073",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: out-of-bounds read in htmlParseNameComplex()",
"Description": "The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.",
"Severity": "MEDIUM",
"References": [
"http://www.openwall.com/lists/oss-security/2016/01/25/6",
"http://www.openwall.com/lists/oss-security/2016/01/26/7",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/85267",
"http://www.securitytracker.com/id/1035011",
"http://www.ubuntu.com/usn/USN-2994-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073",
"https://security.gentoo.org/glsa/201701-37",
"https://www.debian.org/security/2016/dsa-3593"
]
},
{
"VulnerabilityID": "CVE-2016-4483",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: out-of-bounds read",
"Description": "The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.",
"Severity": "MEDIUM",
"References": [
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.debian.org/security/2016/dsa-3593",
"http://www.openwall.com/lists/oss-security/2016/05/03/8",
"http://www.openwall.com/lists/oss-security/2016/05/04/7",
"http://www.openwall.com/lists/oss-security/2016/06/07/4",
"http://www.openwall.com/lists/oss-security/2016/06/07/5",
"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"http://www.securityfocus.com/bid/90013",
"http://www.securitytracker.com/id/1036348",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483",
"https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd",
"https://security.gentoo.org/glsa/201701-37",
"https://www.tenable.com/security/tns-2016-18"
]
},
{
"VulnerabilityID": "CVE-2016-5131",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: use after free triggered by XPointer paths beginning with range-to",
"Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"Severity": "MEDIUM",
"References": [
"http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html",
"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html",
"http://rhn.redhat.com/errata/RHSA-2016-1485.html",
"http://www.debian.org/security/2016/dsa-3637",
"http://www.securityfocus.com/bid/92053",
"http://www.securitytracker.com/id/1036428",
"http://www.securitytracker.com/id/1038623",
"http://www.ubuntu.com/usn/USN-3041-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1358641",
"https://codereview.chromium.org/2127493002",
"https://crbug.com/623378",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
"https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"https://security.gentoo.org/glsa/201610-09",
"https://security.gentoo.org/glsa/201701-37",
"https://source.android.com/security/bulletin/2017-05-01",
"https://support.apple.com/HT207141",
"https://support.apple.com/HT207142",
"https://support.apple.com/HT207143",
"https://support.apple.com/HT207170"
]
},
{
"VulnerabilityID": "CVE-2016-9318",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: XML External Entity vulnerability",
"Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94347",
"https://bugzilla.gnome.org/show_bug.cgi?id=772726",
"https://github.com/lsh123/xmlsec/issues/43",
"https://security.gentoo.org/glsa/201711-01",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/3739-2/"
]
},
{
"VulnerabilityID": "CVE-2017-0663",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap buffer overflow in xmlAddID",
"Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.securityfocus.com/bid/98877",
"http://www.securitytracker.com/id/1038623",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663",
"https://security.gentoo.org/glsa/201711-01",
"https://source.android.com/security/bulletin/2017-06-01"
]
},
{
"VulnerabilityID": "CVE-2017-15412",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "chromium-browser: use after free in libxml",
"Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Severity": "MEDIUM",
"References": [
"http://www.securitytracker.com/id/1040348",
"https://access.redhat.com/errata/RHSA-2017:3401",
"https://access.redhat.com/errata/RHSA-2018:0287",
"https://bugzilla.gnome.org/show_bug.cgi?id=783160",
"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"https://crbug.com/727039",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412",
"https://github.com/sparklemotion/nokogiri/issues/1714",
"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html",
"https://security.gentoo.org/glsa/201801-03",
"https://usn.ubuntu.com/usn/usn-3513-1/",
"https://www.debian.org/security/2018/dsa-4086"
]
},
{
"VulnerabilityID": "CVE-2017-16932",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Infinite recursion in parameter entities",
"Description": "parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.",
"Severity": "MEDIUM",
"References": [
"http://xmlsoft.org/news.html",
"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=759579",
"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961",
"https://github.com/sparklemotion/nokogiri/issues/1714",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/usn/usn-3504-1/"
]
},
{
"VulnerabilityID": "CVE-2017-18258",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: denial of service in xz_head function in xzlib.c",
"Description": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258",
"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://security.netapp.com/advisory/ntap-20190719-0001/",
"https://usn.ubuntu.com/3739-1/"
]
},
{
"VulnerabilityID": "CVE-2017-8872",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Out-of-bounds read in htmlParseTryOrFinish",
"Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.gnome.org/show_bug.cgi?id=775200",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872"
]
},
{
"VulnerabilityID": "CVE-2017-9047",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Buffer overflow in function xmlSnprintfElementContent",
"Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98599",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9048",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98556",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9049",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98601",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2017-9050",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Heap-based buffer over-read in function xmlDictAddString",
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3952",
"http://www.openwall.com/lists/oss-security/2017/05/15/1",
"http://www.securityfocus.com/bid/98568",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050",
"https://github.com/sparklemotion/nokogiri/issues/1673",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0663.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7375.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7376.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9047.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9048.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9049.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9050.html",
"https://security.gentoo.org/glsa/201711-01",
"https://usn.ubuntu.com/usn/usn-3424-1/"
]
},
{
"VulnerabilityID": "CVE-2018-14404",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service",
"Description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",
"Severity": "MEDIUM",
"References": [
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817",
"https://bugzilla.redhat.com/show_bug.cgi?id=1595985",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404",
"https://github.com/sparklemotion/nokogiri/issues/1785",
"https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74",
"https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594",
"https://gitlab.gnome.org/GNOME/libxml2/issues/10",
"https://groups.google.com/forum/#!msg/ruby-security-ann/uVrmO2HjqQw/Fw3ocLI0BQAJ",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://usn.ubuntu.com/3739-1/",
"https://usn.ubuntu.com/3739-2/"
]
},
{
"VulnerabilityID": "CVE-2018-14567",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file",
"Description": "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105198",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567",
"https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html",
"https://usn.ubuntu.com/3739-1/"
]
},
{
"VulnerabilityID": "CVE-2015-8035",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: DoS when parsing specially crafted XML document if XZ support is enabled",
"Description": "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.",
"Severity": "LOW",
"References": [
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html",
"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html",
"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html",
"http://rhn.redhat.com/errata/RHSA-2016-1089.html",
"http://www.debian.org/security/2015/dsa-3430",
"http://www.openwall.com/lists/oss-security/2015/11/02/2",
"http://www.openwall.com/lists/oss-security/2015/11/02/4",
"http://www.openwall.com/lists/oss-security/2015/11/03/1",
"http://www.securityfocus.com/bid/77390",
"http://www.securitytracker.com/id/1034243",
"http://www.ubuntu.com/usn/USN-2812-1",
"http://xmlsoft.org/news.html",
"https://bugzilla.gnome.org/show_bug.cgi?id=757466",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"https://security.gentoo.org/glsa/201701-37",
"https://support.apple.com/HT206166",
"https://support.apple.com/HT206167",
"https://support.apple.com/HT206168",
"https://support.apple.com/HT206169"
]
},
{
"VulnerabilityID": "CVE-2017-5969",
"PkgName": "libxml2-python",
"InstalledVersion": "2.9.1-6.el7_2.3",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "libxml2: Null pointer dereference in xmlSaveDoc implementation",
"Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2016/11/05/3",
"http://www.openwall.com/lists/oss-security/2017/02/13/1",
"http://www.securityfocus.com/bid/96188",
"https://bugzilla.gnome.org/show_bug.cgi?id=778519",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969",
"https://security.gentoo.org/glsa/201711-01"
]
},
{
"VulnerabilityID": "CVE-2014-5461",
"PkgName": "lua",
"InstalledVersion": "5.1.4-15.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "lua: overflow flaw in vararg functions",
"Description": "Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.",
"Severity": "MEDIUM",
"References": [
"http://advisories.mageia.org/MGASA-2014-0414.html",
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00030.html",
"http://secunia.com/advisories/59890",
"http://secunia.com/advisories/60869",
"http://secunia.com/advisories/61411",
"http://www.debian.org/security/2014/dsa-3015",
"http://www.debian.org/security/2014/dsa-3016",
"http://www.lua.org/bugs.html#5.2.2-1",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:144",
"http://www.openwall.com/lists/oss-security/2014/08/21/1",
"http://www.openwall.com/lists/oss-security/2014/08/21/4",
"http://www.openwall.com/lists/oss-security/2014/08/27/2",
"http://www.securityfocus.com/bid/69342",
"http://www.ubuntu.com/usn/USN-2338-1",
"https://security.gentoo.org/glsa/201701-53"
]
},
{
"VulnerabilityID": "CVE-2017-10684",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c",
"Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464687",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-10685",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function",
"Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464692",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11112",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in append_acs function",
"Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464686",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11113",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function",
"Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464691",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13728",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Infinite loop in the next_char function",
"Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484274",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13729",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the _nc_save_str function",
"Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13730",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_read_entry_source()",
"Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484284",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13731",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function postprocess_termcap()",
"Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484285",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13732",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function dump_uses()",
"Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13733",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function fmt_entry",
"Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484290",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13734",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_safe_strcat",
"Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484291",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-16879",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function",
"Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",
"Severity": "MEDIUM",
"References": [
"http://invisible-island.net/ncurses/NEWS.html#t20171125",
"http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879",
"https://security.gentoo.org/glsa/201804-13",
"https://tools.cisco.com/security/center/viewAlert.x?alertId=57695"
]
},
{
"VulnerabilityID": "CVE-2018-19211",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c",
"Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643754",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211"
]
},
{
"VulnerabilityID": "CVE-2018-19217",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_name_match",
"Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643753",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217"
]
},
{
"VulnerabilityID": "CVE-2018-10754",
"PkgName": "ncurses",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c.",
"Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754"
]
},
{
"VulnerabilityID": "CVE-2017-10684",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c",
"Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464687",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-10685",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function",
"Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464692",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11112",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in append_acs function",
"Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464686",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11113",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function",
"Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464691",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13728",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Infinite loop in the next_char function",
"Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484274",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13729",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the _nc_save_str function",
"Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13730",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_read_entry_source()",
"Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484284",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13731",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function postprocess_termcap()",
"Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484285",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13732",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function dump_uses()",
"Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13733",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function fmt_entry",
"Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484290",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13734",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_safe_strcat",
"Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484291",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-16879",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function",
"Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",
"Severity": "MEDIUM",
"References": [
"http://invisible-island.net/ncurses/NEWS.html#t20171125",
"http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879",
"https://security.gentoo.org/glsa/201804-13",
"https://tools.cisco.com/security/center/viewAlert.x?alertId=57695"
]
},
{
"VulnerabilityID": "CVE-2018-19211",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c",
"Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643754",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211"
]
},
{
"VulnerabilityID": "CVE-2018-19217",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_name_match",
"Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643753",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217"
]
},
{
"VulnerabilityID": "CVE-2018-10754",
"PkgName": "ncurses-base",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c.",
"Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754"
]
},
{
"VulnerabilityID": "CVE-2017-10684",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c",
"Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464687",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-10685",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function",
"Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464692",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11112",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in append_acs function",
"Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464686",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-11113",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function",
"Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1464691",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13728",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Infinite loop in the next_char function",
"Description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484274",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13729",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the _nc_save_str function",
"Description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13730",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_read_entry_source()",
"Description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484284",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13731",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function postprocess_termcap()",
"Description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484285",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13732",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function dump_uses()",
"Description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484287",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13733",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function fmt_entry",
"Description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484290",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-13734",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Illegal address access in the function _nc_safe_strcat",
"Description": "There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1484291",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734",
"https://security.gentoo.org/glsa/201804-13"
]
},
{
"VulnerabilityID": "CVE-2017-16879",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Stack-based buffer overflow in the _nc_write_entry function",
"Description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.",
"Severity": "MEDIUM",
"References": [
"http://invisible-island.net/ncurses/NEWS.html#t20171125",
"http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879",
"https://security.gentoo.org/glsa/201804-13",
"https://tools.cisco.com/security/center/viewAlert.x?alertId=57695"
]
},
{
"VulnerabilityID": "CVE-2018-19211",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c",
"Description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643754",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211"
]
},
{
"VulnerabilityID": "CVE-2018-19217",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: Null pointer dereference at function _nc_name_match",
"Description": "** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1643753",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217"
]
},
{
"VulnerabilityID": "CVE-2018-10754",
"PkgName": "ncurses-libs",
"InstalledVersion": "5.9-14.20130511.el7_4",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c.",
"Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"Severity": "LOW",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754"
]
},
{
"VulnerabilityID": "CVE-2016-1951",
"PkgName": "nspr",
"InstalledVersion": "4.19.0-1.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nspr: Memory allocation issue related to PR_*printf functions",
"Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/92385",
"http://www.securitytracker.com/id/1036590",
"http://www.ubuntu.com/usn/USN-3023-1",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1174015",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951",
"https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw",
"https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ",
"https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nspr",
"InstalledVersion": "4.19.0-1.el7_5",
"FixedVersion": "4.21.0-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nspr",
"InstalledVersion": "4.19.0-1.el7_5",
"FixedVersion": "4.21.0-1.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-2808",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher",
"Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
"Severity": "MEDIUM",
"References": [
"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html",
"http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1007.html",
"http://rhn.redhat.com/errata/RHSA-2015-1020.html",
"http://rhn.redhat.com/errata/RHSA-2015-1021.html",
"http://rhn.redhat.com/errata/RHSA-2015-1091.html",
"http://rhn.redhat.com/errata/RHSA-2015-1228.html",
"http://rhn.redhat.com/errata/RHSA-2015-1229.html",
"http://rhn.redhat.com/errata/RHSA-2015-1230.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1243.html",
"http://rhn.redhat.com/errata/RHSA-2015-1526.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892",
"http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960015",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960769",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.huawei.com/en/psirt/security-advisories/hw-454055",
"http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/73684",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032599",
"http://www.securitytracker.com/id/1032600",
"http://www.securitytracker.com/id/1032707",
"http://www.securitytracker.com/id/1032708",
"http://www.securitytracker.com/id/1032734",
"http://www.securitytracker.com/id/1032788",
"http://www.securitytracker.com/id/1032858",
"http://www.securitytracker.com/id/1032868",
"http://www.securitytracker.com/id/1032910",
"http://www.securitytracker.com/id/1032990",
"http://www.securitytracker.com/id/1033071",
"http://www.securitytracker.com/id/1033072",
"http://www.securitytracker.com/id/1033386",
"http://www.securitytracker.com/id/1033415",
"http://www.securitytracker.com/id/1033431",
"http://www.securitytracker.com/id/1033432",
"http://www.securitytracker.com/id/1033737",
"http://www.securitytracker.com/id/1033769",
"http://www.securitytracker.com/id/1036222",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"https://kb.juniper.net/JSA10783",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"https://security.gentoo.org/glsa/201512-10",
"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709",
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
]
},
{
"VulnerabilityID": "CVE-2016-2183",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"Severity": "MEDIUM",
"References": [
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
"http://rhn.redhat.com/errata/RHSA-2017-0336.html",
"http://rhn.redhat.com/errata/RHSA-2017-0337.html",
"http://rhn.redhat.com/errata/RHSA-2017-0338.html",
"http://rhn.redhat.com/errata/RHSA-2017-0462.html",
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"http://www.securityfocus.com/bid/92630",
"http://www.securityfocus.com/bid/95568",
"http://www.securitytracker.com/id/1036696",
"http://www.splunk.com/view/SP-CAAAPSV",
"http://www.splunk.com/view/SP-CAAAPUE",
"https://access.redhat.com/articles/2548661",
"https://access.redhat.com/errata/RHSA-2016:1940",
"https://access.redhat.com/errata/RHSA-2017:1216",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2018:2123",
"https://access.redhat.com/errata/RHSA-2019:1245",
"https://access.redhat.com/security/cve/cve-2016-2183",
"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
"https://bto.bluecoat.com/security-advisory/sa133",
"https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171",
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"https://security.gentoo.org/glsa/201612-16",
"https://security.gentoo.org/glsa/201701-65",
"https://security.gentoo.org/glsa/201707-01",
"https://security.netapp.com/advisory/ntap-20160915-0001/",
"https://security.netapp.com/advisory/ntap-20170119-0001/",
"https://sweet32.info/",
"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html",
"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
"https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
"https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
"https://www.tenable.com/security/tns-2016-16",
"https://www.tenable.com/security/tns-2016-20",
"https://www.tenable.com/security/tns-2016-21",
"https://www.tenable.com/security/tns-2017-09",
"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
]
},
{
"VulnerabilityID": "CVE-2016-9074",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Insufficient timing side-channel resistance in divSpoiler",
"Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94341",
"http://www.securitytracker.com/id/1037298",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074",
"https://security.gentoo.org/glsa/201701-15",
"https://security.gentoo.org/glsa/201701-46",
"https://www.debian.org/security/2016/dsa-3730",
"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
"https://www.mozilla.org/security/advisories/mfsa2016-89/",
"https://www.mozilla.org/security/advisories/mfsa2016-90/",
"https://www.mozilla.org/security/advisories/mfsa2016-93/"
]
},
{
"VulnerabilityID": "CVE-2016-9574",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA",
"Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.mozilla.org/show_bug.cgi?id=1320695",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-18508",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service",
"Description": "No description is available for this CVE.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-2613",
"PkgName": "nss-softokn",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)",
"Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
"Severity": "MEDIUM",
"References": [
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1485.html",
"http://rhn.redhat.com/errata/RHSA-2015-1488.html",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
"http://www.securityfocus.com/bid/75871",
"http://www.securitytracker.com/id/1032910",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139",
"https://security.gentoo.org/glsa/201603-11",
"https://security.gentoo.org/glsa/201603-14"
]
},
{
"VulnerabilityID": "CVE-2016-1938",
"PkgName": "nss-softokn",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions",
"Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html",
"http://www.debian.org/security/2016/dsa-3688",
"http://www.mozilla.org/security/announce/2016/mfsa2016-07.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.securityfocus.com/bid/81955",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1034825",
"http://www.ubuntu.com/usn/USN-2880-1",
"http://www.ubuntu.com/usn/USN-2880-2",
"http://www.ubuntu.com/usn/USN-2903-1",
"http://www.ubuntu.com/usn/USN-2903-2",
"http://www.ubuntu.com/usn/USN-2973-1",
"https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1190248",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1194947",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938",
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c",
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c",
"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c",
"https://security.gentoo.org/glsa/201605-06",
"https://security.gentoo.org/glsa/201701-46"
]
},
{
"VulnerabilityID": "CVE-2017-7781",
"PkgName": "nss-softokn",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)",
"Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100383",
"http://www.securitytracker.com/id/1039124",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
"https://www.mozilla.org/security/advisories/mfsa2017-18/"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss-softokn",
"InstalledVersion": "3.36.0-5.el7_5",
"FixedVersion": "3.44.0-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss-softokn",
"InstalledVersion": "3.36.0-5.el7_5",
"FixedVersion": "3.44.0-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-2613",
"PkgName": "nss-softokn-freebl",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)",
"Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
"Severity": "MEDIUM",
"References": [
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1485.html",
"http://rhn.redhat.com/errata/RHSA-2015-1488.html",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
"http://www.securityfocus.com/bid/75871",
"http://www.securitytracker.com/id/1032910",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10139",
"https://security.gentoo.org/glsa/201603-11",
"https://security.gentoo.org/glsa/201603-14"
]
},
{
"VulnerabilityID": "CVE-2016-1938",
"PkgName": "nss-softokn-freebl",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions",
"Description": "The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html",
"http://www.debian.org/security/2016/dsa-3688",
"http://www.mozilla.org/security/announce/2016/mfsa2016-07.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.securityfocus.com/bid/81955",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1034825",
"http://www.ubuntu.com/usn/USN-2880-1",
"http://www.ubuntu.com/usn/USN-2880-2",
"http://www.ubuntu.com/usn/USN-2903-1",
"http://www.ubuntu.com/usn/USN-2903-2",
"http://www.ubuntu.com/usn/USN-2973-1",
"https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1190248",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1194947",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938",
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c",
"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c",
"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c",
"https://security.gentoo.org/glsa/201605-06",
"https://security.gentoo.org/glsa/201701-46"
]
},
{
"VulnerabilityID": "CVE-2017-7781",
"PkgName": "nss-softokn-freebl",
"InstalledVersion": "3.36.0-5.el7_5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Mozilla: Elliptic curve point addition error when using mixed Jacobian-affine coordinates (MFSA 2017-18)",
"Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/100383",
"http://www.securitytracker.com/id/1039124",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
"https://www.mozilla.org/security/advisories/mfsa2017-18/"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss-softokn-freebl",
"InstalledVersion": "3.36.0-5.el7_5",
"FixedVersion": "3.44.0-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss-softokn-freebl",
"InstalledVersion": "3.36.0-5.el7_5",
"FixedVersion": "3.44.0-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-2808",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher",
"Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
"Severity": "MEDIUM",
"References": [
"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html",
"http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1007.html",
"http://rhn.redhat.com/errata/RHSA-2015-1020.html",
"http://rhn.redhat.com/errata/RHSA-2015-1021.html",
"http://rhn.redhat.com/errata/RHSA-2015-1091.html",
"http://rhn.redhat.com/errata/RHSA-2015-1228.html",
"http://rhn.redhat.com/errata/RHSA-2015-1229.html",
"http://rhn.redhat.com/errata/RHSA-2015-1230.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1243.html",
"http://rhn.redhat.com/errata/RHSA-2015-1526.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892",
"http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960015",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960769",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.huawei.com/en/psirt/security-advisories/hw-454055",
"http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/73684",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032599",
"http://www.securitytracker.com/id/1032600",
"http://www.securitytracker.com/id/1032707",
"http://www.securitytracker.com/id/1032708",
"http://www.securitytracker.com/id/1032734",
"http://www.securitytracker.com/id/1032788",
"http://www.securitytracker.com/id/1032858",
"http://www.securitytracker.com/id/1032868",
"http://www.securitytracker.com/id/1032910",
"http://www.securitytracker.com/id/1032990",
"http://www.securitytracker.com/id/1033071",
"http://www.securitytracker.com/id/1033072",
"http://www.securitytracker.com/id/1033386",
"http://www.securitytracker.com/id/1033415",
"http://www.securitytracker.com/id/1033431",
"http://www.securitytracker.com/id/1033432",
"http://www.securitytracker.com/id/1033737",
"http://www.securitytracker.com/id/1033769",
"http://www.securitytracker.com/id/1036222",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"https://kb.juniper.net/JSA10783",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"https://security.gentoo.org/glsa/201512-10",
"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709",
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
]
},
{
"VulnerabilityID": "CVE-2016-2183",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"Severity": "MEDIUM",
"References": [
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
"http://rhn.redhat.com/errata/RHSA-2017-0336.html",
"http://rhn.redhat.com/errata/RHSA-2017-0337.html",
"http://rhn.redhat.com/errata/RHSA-2017-0338.html",
"http://rhn.redhat.com/errata/RHSA-2017-0462.html",
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"http://www.securityfocus.com/bid/92630",
"http://www.securityfocus.com/bid/95568",
"http://www.securitytracker.com/id/1036696",
"http://www.splunk.com/view/SP-CAAAPSV",
"http://www.splunk.com/view/SP-CAAAPUE",
"https://access.redhat.com/articles/2548661",
"https://access.redhat.com/errata/RHSA-2016:1940",
"https://access.redhat.com/errata/RHSA-2017:1216",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2018:2123",
"https://access.redhat.com/errata/RHSA-2019:1245",
"https://access.redhat.com/security/cve/cve-2016-2183",
"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
"https://bto.bluecoat.com/security-advisory/sa133",
"https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171",
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"https://security.gentoo.org/glsa/201612-16",
"https://security.gentoo.org/glsa/201701-65",
"https://security.gentoo.org/glsa/201707-01",
"https://security.netapp.com/advisory/ntap-20160915-0001/",
"https://security.netapp.com/advisory/ntap-20170119-0001/",
"https://sweet32.info/",
"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html",
"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
"https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
"https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
"https://www.tenable.com/security/tns-2016-16",
"https://www.tenable.com/security/tns-2016-20",
"https://www.tenable.com/security/tns-2016-21",
"https://www.tenable.com/security/tns-2017-09",
"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
]
},
{
"VulnerabilityID": "CVE-2016-9074",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Insufficient timing side-channel resistance in divSpoiler",
"Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94341",
"http://www.securitytracker.com/id/1037298",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074",
"https://security.gentoo.org/glsa/201701-15",
"https://security.gentoo.org/glsa/201701-46",
"https://www.debian.org/security/2016/dsa-3730",
"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
"https://www.mozilla.org/security/advisories/mfsa2016-89/",
"https://www.mozilla.org/security/advisories/mfsa2016-90/",
"https://www.mozilla.org/security/advisories/mfsa2016-93/"
]
},
{
"VulnerabilityID": "CVE-2016-9574",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA",
"Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.mozilla.org/show_bug.cgi?id=1320695",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-18508",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service",
"Description": "No description is available for this CVE.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss-sysinit",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-2808",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher",
"Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
"Severity": "MEDIUM",
"References": [
"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html",
"http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1007.html",
"http://rhn.redhat.com/errata/RHSA-2015-1020.html",
"http://rhn.redhat.com/errata/RHSA-2015-1021.html",
"http://rhn.redhat.com/errata/RHSA-2015-1091.html",
"http://rhn.redhat.com/errata/RHSA-2015-1228.html",
"http://rhn.redhat.com/errata/RHSA-2015-1229.html",
"http://rhn.redhat.com/errata/RHSA-2015-1230.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1243.html",
"http://rhn.redhat.com/errata/RHSA-2015-1526.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892",
"http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960015",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960769",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.huawei.com/en/psirt/security-advisories/hw-454055",
"http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/73684",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032599",
"http://www.securitytracker.com/id/1032600",
"http://www.securitytracker.com/id/1032707",
"http://www.securitytracker.com/id/1032708",
"http://www.securitytracker.com/id/1032734",
"http://www.securitytracker.com/id/1032788",
"http://www.securitytracker.com/id/1032858",
"http://www.securitytracker.com/id/1032868",
"http://www.securitytracker.com/id/1032910",
"http://www.securitytracker.com/id/1032990",
"http://www.securitytracker.com/id/1033071",
"http://www.securitytracker.com/id/1033072",
"http://www.securitytracker.com/id/1033386",
"http://www.securitytracker.com/id/1033415",
"http://www.securitytracker.com/id/1033431",
"http://www.securitytracker.com/id/1033432",
"http://www.securitytracker.com/id/1033737",
"http://www.securitytracker.com/id/1033769",
"http://www.securitytracker.com/id/1036222",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"https://kb.juniper.net/JSA10783",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"https://security.gentoo.org/glsa/201512-10",
"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709",
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
]
},
{
"VulnerabilityID": "CVE-2016-2183",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)",
"Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"Severity": "MEDIUM",
"References": [
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
"http://rhn.redhat.com/errata/RHSA-2017-0336.html",
"http://rhn.redhat.com/errata/RHSA-2017-0337.html",
"http://rhn.redhat.com/errata/RHSA-2017-0338.html",
"http://rhn.redhat.com/errata/RHSA-2017-0462.html",
"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"http://www.securityfocus.com/bid/92630",
"http://www.securityfocus.com/bid/95568",
"http://www.securitytracker.com/id/1036696",
"http://www.splunk.com/view/SP-CAAAPSV",
"http://www.splunk.com/view/SP-CAAAPUE",
"https://access.redhat.com/articles/2548661",
"https://access.redhat.com/errata/RHSA-2016:1940",
"https://access.redhat.com/errata/RHSA-2017:1216",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2018:2123",
"https://access.redhat.com/errata/RHSA-2019:1245",
"https://access.redhat.com/security/cve/cve-2016-2183",
"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
"https://bto.bluecoat.com/security-advisory/sa133",
"https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03765en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03725en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171",
"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"https://security.gentoo.org/glsa/201612-16",
"https://security.gentoo.org/glsa/201701-65",
"https://security.gentoo.org/glsa/201707-01",
"https://security.netapp.com/advisory/ntap-20160915-0001/",
"https://security.netapp.com/advisory/ntap-20170119-0001/",
"https://sweet32.info/",
"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html",
"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
"https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
"https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
"https://www.tenable.com/security/tns-2016-16",
"https://www.tenable.com/security/tns-2016-20",
"https://www.tenable.com/security/tns-2016-21",
"https://www.tenable.com/security/tns-2017-09",
"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
]
},
{
"VulnerabilityID": "CVE-2016-9074",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Insufficient timing side-channel resistance in divSpoiler",
"Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/94341",
"http://www.securitytracker.com/id/1037298",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074",
"https://security.gentoo.org/glsa/201701-15",
"https://security.gentoo.org/glsa/201701-46",
"https://www.debian.org/security/2016/dsa-3730",
"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
"https://www.mozilla.org/security/advisories/mfsa2016-89/",
"https://www.mozilla.org/security/advisories/mfsa2016-90/",
"https://www.mozilla.org/security/advisories/mfsa2016-93/"
]
},
{
"VulnerabilityID": "CVE-2016-9574",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA",
"Description": "nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.mozilla.org/show_bug.cgi?id=1320695",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-18508",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: NULL pointer dereference in several CMS functions resulting in a denial of service",
"Description": "No description is available for this CVE.",
"Severity": "MEDIUM",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss-tools",
"InstalledVersion": "3.36.0-7.1.el7_6",
"FixedVersion": "3.44.0-4.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2018-12404",
"PkgName": "nss-util",
"InstalledVersion": "3.36.0-1.1.el7_6",
"FixedVersion": "3.44.0-3.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "nss: Cache side-channel variant of the Bleichenbacher attack",
"Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html",
"http://www.securityfocus.com/bid/107260",
"https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"
]
},
{
"VulnerabilityID": "CVE-2018-0495",
"PkgName": "nss-util",
"InstalledVersion": "3.36.0-1.1.el7_6",
"FixedVersion": "3.44.0-3.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries",
"Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
"Severity": "LOW",
"References": [
"http://www.securitytracker.com/id/1041144",
"http://www.securitytracker.com/id/1041147",
"https://access.redhat.com/errata/RHSA-2018:3221",
"https://access.redhat.com/errata/RHSA-2018:3505",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495",
"https://dev.gnupg.org/T4011",
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965",
"https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html",
"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html",
"https://usn.ubuntu.com/3689-1/",
"https://usn.ubuntu.com/3689-2/",
"https://usn.ubuntu.com/3692-1/",
"https://usn.ubuntu.com/3692-2/",
"https://usn.ubuntu.com/3850-1/",
"https://usn.ubuntu.com/3850-2/",
"https://www.debian.org/security/2018/dsa-4231",
"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
]
},
{
"VulnerabilityID": "CVE-2015-1546",
"PkgName": "openldap",
"InstalledVersion": "2.4.44-21.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openldap: slapd crash in valueReturnFilter cleanup",
"Description": "Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.",
"Severity": "MEDIUM",
"References": [
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html",
"http://secunia.com/advisories/62787",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:073",
"http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a",
"http://www.openldap.org/its/?findid=8046",
"http://www.openwall.com/lists/oss-security/2015/02/07/3",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/100938",
"https://support.apple.com/HT204659"
]
},
{
"VulnerabilityID": "CVE-2019-13565",
"PkgName": "openldap",
"InstalledVersion": "2.4.44-21.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openldap: ACL restrictions bypass due to sasl_ssf value being set permanently",
"Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
"http://www.openldap.org/lists/openldap-announce/201907/msg00001.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html",
"https://openldap.org/its/?findid=9052",
"https://usn.ubuntu.com/4078-1/",
"https://usn.ubuntu.com/4078-2/",
"https://www.openldap.org/its/index.cgi/?findid=9052",
"https://www.openldap.org/lists/openldap-announce/201907/msg00001.html"
]
},
{
"VulnerabilityID": "CVE-2016-4984",
"PkgName": "openldap",
"InstalledVersion": "2.4.44-21.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file",
"Description": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.",
"Severity": "LOW",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
]
},
{
"VulnerabilityID": "CVE-2017-14159",
"PkgName": "openldap",
"InstalledVersion": "2.4.44-21.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openldap: Privilege escalation via PID file manipulation",
"Description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.",
"Severity": "LOW",
"References": [
"http://www.openldap.org/its/index.cgi?findid=8703"
]
},
{
"VulnerabilityID": "CVE-2019-13057",
"PkgName": "openldap",
"InstalledVersion": "2.4.44-21.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openldap: Information disclosure issue in slapd component",
"Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)",
"Severity": "LOW",
"References": [
"http://www.openldap.org/lists/openldap-announce/201907/msg00001.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html",
"https://openldap.org/its/?findid=9038",
"https://security.netapp.com/advisory/ntap-20190822-0004/",
"https://usn.ubuntu.com/4078-1/",
"https://usn.ubuntu.com/4078-2/",
"https://www.openldap.org/its/?findid=9038",
"https://www.openldap.org/lists/openldap-announce/201907/msg00001.html"
]
},
{
"VulnerabilityID": "CVE-2015-2808",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "SSL/TLS: \"Invariance Weakness\" vulnerability in RC4 stream cipher",
"Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
"Severity": "MEDIUM",
"References": [
"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html",
"http://marc.info/?l=bugtraq\u0026m=143456209711959\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143629696317098\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143741441012338\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817021313142\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143817899717054\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=143818140118771\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059660127919\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144059703728085\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144104565600964\u0026w=2",
"http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1007.html",
"http://rhn.redhat.com/errata/RHSA-2015-1020.html",
"http://rhn.redhat.com/errata/RHSA-2015-1021.html",
"http://rhn.redhat.com/errata/RHSA-2015-1091.html",
"http://rhn.redhat.com/errata/RHSA-2015-1228.html",
"http://rhn.redhat.com/errata/RHSA-2015-1229.html",
"http://rhn.redhat.com/errata/RHSA-2015-1230.html",
"http://rhn.redhat.com/errata/RHSA-2015-1241.html",
"http://rhn.redhat.com/errata/RHSA-2015-1242.html",
"http://rhn.redhat.com/errata/RHSA-2015-1243.html",
"http://rhn.redhat.com/errata/RHSA-2015-1526.html",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888",
"http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892",
"http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"http://www-304.ibm.com/support/docview.wss?uid=swg21903565",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960015",
"http://www-304.ibm.com/support/docview.wss?uid=swg21960769",
"http://www.debian.org/security/2015/dsa-3316",
"http://www.debian.org/security/2015/dsa-3339",
"http://www.huawei.com/en/psirt/security-advisories/hw-454055",
"http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.securityfocus.com/bid/73684",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032599",
"http://www.securitytracker.com/id/1032600",
"http://www.securitytracker.com/id/1032707",
"http://www.securitytracker.com/id/1032708",
"http://www.securitytracker.com/id/1032734",
"http://www.securitytracker.com/id/1032788",
"http://www.securitytracker.com/id/1032858",
"http://www.securitytracker.com/id/1032868",
"http://www.securitytracker.com/id/1032910",
"http://www.securitytracker.com/id/1032990",
"http://www.securitytracker.com/id/1033071",
"http://www.securitytracker.com/id/1033072",
"http://www.securitytracker.com/id/1033386",
"http://www.securitytracker.com/id/1033415",
"http://www.securitytracker.com/id/1033431",
"http://www.securitytracker.com/id/1033432",
"http://www.securitytracker.com/id/1033737",
"http://www.securitytracker.com/id/1033769",
"http://www.securitytracker.com/id/1036222",
"http://www.ubuntu.com/usn/USN-2696-1",
"http://www.ubuntu.com/usn/USN-2706-1",
"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
"https://kb.juniper.net/JSA10783",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10163",
"https://security.gentoo.org/glsa/201512-10",
"https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709",
"https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf"
]
},
{
"VulnerabilityID": "CVE-2018-0734",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: timing side channel attack in the DSA signature algorithm",
"Description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html",
"http://www.securityfocus.com/bid/105758",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"https://security.netapp.com/advisory/ntap-20181105-0002/",
"https://security.netapp.com/advisory/ntap-20190118-0002/",
"https://security.netapp.com/advisory/ntap-20190423-0002/",
"https://usn.ubuntu.com/3840-1/",
"https://www.debian.org/security/2018/dsa-4348",
"https://www.debian.org/security/2018/dsa-4355",
"https://www.openssl.org/news/secadv/20181030.txt",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2018-16",
"https://www.tenable.com/security/tns-2018-17"
]
},
{
"VulnerabilityID": "CVE-2018-0735",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: timing side channel attack in the ECDSA signature generation",
"Description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105750",
"http://www.securitytracker.com/id/1041986",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html",
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"https://security.netapp.com/advisory/ntap-20181105-0002/",
"https://usn.ubuntu.com/3840-1/",
"https://www.debian.org/security/2018/dsa-4348",
"https://www.openssl.org/news/secadv/20181029.txt",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
]
},
{
"VulnerabilityID": "CVE-2019-1559",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: 0-byte record padding oracle",
"Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html",
"http://www.securityfocus.com/bid/107174",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"https://github.com/RUB-NDS/TLS-Padding-Oracles",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html",
"https://security.gentoo.org/glsa/201903-10",
"https://security.netapp.com/advisory/ntap-20190301-0001/",
"https://security.netapp.com/advisory/ntap-20190301-0002/",
"https://security.netapp.com/advisory/ntap-20190423-0002/",
"https://support.f5.com/csp/article/K18549143",
"https://usn.ubuntu.com/3899-1/",
"https://www.debian.org/security/2019/dsa-4400",
"https://www.openssl.org/news/secadv/20190226.txt",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.tenable.com/security/tns-2019-02",
"https://www.tenable.com/security/tns-2019-03"
]
},
{
"VulnerabilityID": "CVE-2019-1563",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
"Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"Severity": "MEDIUM",
"References": [
"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f",
"https://seclists.org/bugtraq/2019/Sep/25",
"https://security.netapp.com/advisory/ntap-20190919-0002/",
"https://www.openssl.org/news/secadv/20190910.txt"
]
},
{
"VulnerabilityID": "CVE-2018-5407",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-16.el7_6.1",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)",
"Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",
"Severity": "LOW",
"References": [
"http://www.securityfocus.com/bid/105897",
"https://access.redhat.com/errata/RHSA-2019:0483",
"https://access.redhat.com/errata/RHSA-2019:0651",
"https://access.redhat.com/errata/RHSA-2019:0652",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407",
"https://eprint.iacr.org/2018/1060.pdf",
"https://github.com/bbbrumley/portsmash",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html",
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"https://security.gentoo.org/glsa/201903-10",
"https://security.netapp.com/advisory/ntap-20181126-0001/",
"https://usn.ubuntu.com/3840-1/",
"https://www.debian.org/security/2018/dsa-4348",
"https://www.debian.org/security/2018/dsa-4355",
"https://www.exploit-db.com/exploits/45785/",
"https://www.openssl.org/news/secadv/20181112.txt",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2018-16",
"https://www.tenable.com/security/tns-2018-17"
]
},
{
"VulnerabilityID": "CVE-2019-1547",
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "openssl: side-channel weak encryption vulnerability",
"Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
"Severity": "LOW",
"References": [
"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
"https://arxiv.org/abs/1909.01785",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a",
"https://seclists.org/bugtraq/2019/Sep/25",
"https://security.netapp.com/advisory/ntap-20190919-0002/",
"https://www.openssl.org/news/secadv/20190910.txt"
]
},
{
"VulnerabilityID": "CVE-2015-8380",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)",
"Description": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173700.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/77695",
"https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://bugs.exim.org/show_bug.cgi?id=1637",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8387",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Integer overflow in subroutine calls (8.38/8)",
"Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8390",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: uninitialized memory read triggered by malformed posix character class (8.38/22)",
"Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2015-8394",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Integer overflow caused by missing check for certain conditions (8.38/31)",
"Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2017-11164",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
"Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
"Severity": "HIGH",
"References": [
"http://openwall.com/lists/oss-security/2017/07/11/3",
"http://www.securityfocus.com/bid/99575"
]
},
{
"VulnerabilityID": "CVE-2015-8382",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "php: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)",
"Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.",
"Severity": "MEDIUM",
"References": [
"http://git.php.net/?p=php-src.git;a=commit;h=c351b47ce85a3a147cfa801fa9f0149ab4160834",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502\u0026r2=1510",
"http://www.openwall.com/lists/oss-security/2015/08/04/3",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/76157",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://bugs.exim.org/show_bug.cgi?id=1537",
"https://bugzilla.redhat.com/show_bug.cgi?id=1187225",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382"
]
},
{
"VulnerabilityID": "CVE-2015-8393",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: pcregrep -q is not always quiet (8.38/28)",
"Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.",
"Severity": "MEDIUM",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html",
"http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup",
"http://www.openwall.com/lists/oss-security/2015/11/29/1",
"http://www.securityfocus.com/bid/82990",
"https://bto.bluecoat.com/security-advisory/sa128",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"https://security.gentoo.org/glsa/201607-02"
]
},
{
"VulnerabilityID": "CVE-2017-6004",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)",
"Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/96295",
"http://www.securitytracker.com/id/1037850",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://bugs.exim.org/show_bug.cgi?id=2035",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004",
"https://security.gentoo.org/glsa/201706-11",
"https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676\u0026r2=1680\u0026view=patch"
]
},
{
"VulnerabilityID": "CVE-2017-7186",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)",
"Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97030",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/",
"https://bugs.exim.org/show_bug.cgi?id=2052",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186",
"https://security.gentoo.org/glsa/201710-09",
"https://security.gentoo.org/glsa/201710-25",
"https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649\u0026r2=1688\u0026sortby=date",
"https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490\u0026r2=1688\u0026sortby=date",
"https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600\u0026r2=670\u0026sortby=date",
"https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316\u0026r2=670\u0026sortby=date"
]
},
{
"VulnerabilityID": "CVE-2017-7244",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)",
"Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2017-7245",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2017-7246",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/97067",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"https://security.gentoo.org/glsa/201710-25"
]
},
{
"VulnerabilityID": "CVE-2017-16231",
"PkgName": "pcre",
"InstalledVersion": "8.32-17.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service",
"Description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.",
"Severity": "LOW",
"References": [
"http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2018/Dec/33",
"http://www.openwall.com/lists/oss-security/2017/11/01/11",
"http://www.openwall.com/lists/oss-security/2017/11/01/3",
"http://www.openwall.com/lists/oss-security/2017/11/01/7",
"http://www.openwall.com/lists/oss-security/2017/11/01/8",
"http://www.securityfocus.com/bid/101688",
"https://bugs.exim.org/show_bug.cgi?id=2047"
]
},
{
"VulnerabilityID": "CVE-2018-1121",
"PkgName": "procps-ng",
"InstalledVersion": "3.3.10-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "procps-ng, procps: process hiding through race condition enumerating /proc",
"Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2018/q2/122",
"http://www.securityfocus.com/bid/104214",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
"https://security.gentoo.org/glsa/201805-14",
"https://www.exploit-db.com/exploits/44806/",
"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
]
},
{
"VulnerabilityID": "CVE-2018-1122",
"PkgName": "procps-ng",
"InstalledVersion": "3.3.10-23.el7",
"FixedVersion": "3.3.10-26.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "procps-ng, procps: Local privilege escalation in top",
"Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2018/q2/122",
"http://www.securityfocus.com/bid/104214",
"https://access.redhat.com/errata/RHSA-2019:2189",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html",
"https://security.gentoo.org/glsa/201805-14",
"https://usn.ubuntu.com/3658-1/",
"https://usn.ubuntu.com/3658-3/",
"https://www.debian.org/security/2018/dsa-4208",
"https://www.exploit-db.com/exploits/44806/",
"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
]
},
{
"VulnerabilityID": "CVE-2018-1123",
"PkgName": "procps-ng",
"InstalledVersion": "3.3.10-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "procps-ng, procps: denial of service in ps via mmap buffer overflow",
"Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2018/q2/122",
"http://www.securityfocus.com/bid/104214",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1123",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html",
"https://security.gentoo.org/glsa/201805-14",
"https://usn.ubuntu.com/3658-1/",
"https://usn.ubuntu.com/3658-3/",
"https://www.debian.org/security/2018/dsa-4208",
"https://www.exploit-db.com/exploits/44806/",
"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
]
},
{
"VulnerabilityID": "CVE-2018-1125",
"PkgName": "procps-ng",
"InstalledVersion": "3.3.10-23.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "procps-ng, procps: stack buffer overflow in pgrep",
"Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"Severity": "MEDIUM",
"References": [
"http://seclists.org/oss-sec/2018/q2/122",
"http://www.securityfocus.com/bid/104214",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1125",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html",
"https://usn.ubuntu.com/3658-1/",
"https://usn.ubuntu.com/3658-3/",
"https://www.debian.org/security/2018/dsa-4208",
"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
]
},
{
"VulnerabilityID": "CVE-2017-1000158",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow",
"Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
"Severity": "HIGH",
"References": [
"http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html",
"http://www.securitytracker.com/id/1039890",
"https://bugs.python.org/issue30657",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html",
"https://security.gentoo.org/glsa/201805-02",
"https://www.debian.org/security/2018/dsa-4307"
]
},
{
"VulnerabilityID": "CVE-2019-5010",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: NULL pointer dereference using a specially crafted X509 certificate",
"Description": "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010",
"https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
]
},
{
"VulnerabilityID": "CVE-2013-1664",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities",
"Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.",
"Severity": "MEDIUM",
"References": [
"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"http://bugs.python.org/issue17239",
"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html",
"http://rhn.redhat.com/errata/RHSA-2013-0657.html",
"http://rhn.redhat.com/errata/RHSA-2013-0658.html",
"http://rhn.redhat.com/errata/RHSA-2013-0670.html",
"http://ubuntu.com/usn/usn-1757-1",
"http://www.openwall.com/lists/oss-security/2013/02/19/2",
"http://www.openwall.com/lists/oss-security/2013/02/19/4",
"https://bugs.launchpad.net/nova/+bug/1100282",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664"
]
},
{
"VulnerabilityID": "CVE-2013-1665",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities",
"Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.",
"Severity": "MEDIUM",
"References": [
"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"http://bugs.python.org/issue17239",
"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html",
"http://rhn.redhat.com/errata/RHSA-2013-0657.html",
"http://rhn.redhat.com/errata/RHSA-2013-0658.html",
"http://rhn.redhat.com/errata/RHSA-2013-0670.html",
"http://ubuntu.com/usn/usn-1757-1",
"http://www.debian.org/security/2013/dsa-2634",
"http://www.openwall.com/lists/oss-security/2013/02/19/2",
"http://www.openwall.com/lists/oss-security/2013/02/19/4",
"https://bugs.launchpad.net/keystone/+bug/1100279",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665"
]
},
{
"VulnerabilityID": "CVE-2013-7040",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: hash secret can be recovered remotely",
"Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.",
"Severity": "MEDIUM",
"References": [
"http://bugs.python.org/issue14621",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://www.openwall.com/lists/oss-security/2013/12/09/13",
"http://www.openwall.com/lists/oss-security/2013/12/09/3",
"http://www.securityfocus.com/bid/64194",
"https://support.apple.com/kb/HT205031"
]
},
{
"VulnerabilityID": "CVE-2018-1000030",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c",
"Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",
"Severity": "MEDIUM",
"References": [
"https://bugs.python.org/issue31530",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030",
"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view",
"https://security.gentoo.org/glsa/201811-02",
"https://usn.ubuntu.com/3817-1/",
"https://usn.ubuntu.com/3817-2/",
"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0"
]
},
{
"VulnerabilityID": "CVE-2018-14647",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Missing salt initialization in _elementtree.c module",
"Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105396",
"http://www.securitytracker.com/id/1041740",
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://access.redhat.com/errata/RHSA-2019:2030",
"https://bugs.python.org/issue34623",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/",
"https://usn.ubuntu.com/3817-1/",
"https://usn.ubuntu.com/3817-2/",
"https://www.debian.org/security/2018/dsa-4306",
"https://www.debian.org/security/2018/dsa-4307"
]
},
{
"VulnerabilityID": "CVE-2018-20852",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Cookie domain check returns incorrect results",
"Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html",
"https://bugs.python.org/issue35121",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html",
"https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
]
},
{
"VulnerabilityID": "CVE-2019-10160",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-80.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc",
"Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:1587",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160",
"https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09",
"https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e",
"https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de",
"https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html",
"https://security.netapp.com/advisory/ntap-20190617-0003/"
]
},
{
"VulnerabilityID": "CVE-2019-16056",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: email.utils.parseaddr wrongly parses email addresses",
"Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"Severity": "MEDIUM",
"References": [
"https://bugs.python.org/issue34155",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056",
"https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/"
]
},
{
"VulnerabilityID": "CVE-2019-9636",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-77.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Information Disclosure due to urlsplit improper NFKC normalization",
"Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html",
"http://www.securityfocus.com/bid/107400",
"https://access.redhat.com/errata/RHBA-2019:0959",
"https://access.redhat.com/errata/RHSA-2019:0710",
"https://access.redhat.com/errata/RHSA-2019:0765",
"https://access.redhat.com/errata/RHSA-2019:0806",
"https://access.redhat.com/errata/RHSA-2019:0902",
"https://access.redhat.com/errata/RHSA-2019:0981",
"https://access.redhat.com/errata/RHSA-2019:0997",
"https://access.redhat.com/errata/RHSA-2019:1467",
"https://bugs.python.org/issue36216",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636",
"https://github.com/python/cpython/pull/12201",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/",
"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html",
"https://security.netapp.com/advisory/ntap-20190517-0001/"
]
},
{
"VulnerabilityID": "CVE-2019-9740",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: CRLF injection via the query part of the url passed to urlopen()",
"Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/107466",
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://bugs.python.org/issue36276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/"
]
},
{
"VulnerabilityID": "CVE-2019-9947",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: CRLF injection via the path part of the url passed to urlopen()",
"Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://bugs.python.org/issue35906",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",
"https://security.netapp.com/advisory/ntap-20190404-0004/"
]
},
{
"VulnerabilityID": "CVE-2019-9948",
"PkgName": "python",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms",
"Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html",
"http://www.securityfocus.com/bid/107549",
"https://bugs.python.org/issue35907",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948",
"https://github.com/python/cpython/pull/11842",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://security.netapp.com/advisory/ntap-20190404-0004/"
]
},
{
"VulnerabilityID": "CVE-2017-1000158",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow",
"Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
"Severity": "HIGH",
"References": [
"http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html",
"http://www.securitytracker.com/id/1039890",
"https://bugs.python.org/issue30657",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html",
"https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html",
"https://security.gentoo.org/glsa/201805-02",
"https://www.debian.org/security/2018/dsa-4307"
]
},
{
"VulnerabilityID": "CVE-2019-5010",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: NULL pointer dereference using a specially crafted X509 certificate",
"Description": "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010",
"https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
]
},
{
"VulnerabilityID": "CVE-2013-1664",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Python xml bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities",
"Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.",
"Severity": "MEDIUM",
"References": [
"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"http://bugs.python.org/issue17239",
"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html",
"http://rhn.redhat.com/errata/RHSA-2013-0657.html",
"http://rhn.redhat.com/errata/RHSA-2013-0658.html",
"http://rhn.redhat.com/errata/RHSA-2013-0670.html",
"http://ubuntu.com/usn/usn-1757-1",
"http://www.openwall.com/lists/oss-security/2013/02/19/2",
"http://www.openwall.com/lists/oss-security/2013/02/19/4",
"https://bugs.launchpad.net/nova/+bug/1100282",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664"
]
},
{
"VulnerabilityID": "CVE-2013-1665",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "Python xml bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities",
"Description": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.",
"Severity": "MEDIUM",
"References": [
"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"http://bugs.python.org/issue17239",
"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html",
"http://rhn.redhat.com/errata/RHSA-2013-0657.html",
"http://rhn.redhat.com/errata/RHSA-2013-0658.html",
"http://rhn.redhat.com/errata/RHSA-2013-0670.html",
"http://ubuntu.com/usn/usn-1757-1",
"http://www.debian.org/security/2013/dsa-2634",
"http://www.openwall.com/lists/oss-security/2013/02/19/2",
"http://www.openwall.com/lists/oss-security/2013/02/19/4",
"https://bugs.launchpad.net/keystone/+bug/1100279",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665"
]
},
{
"VulnerabilityID": "CVE-2013-7040",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: hash secret can be recovered remotely",
"Description": "Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.",
"Severity": "MEDIUM",
"References": [
"http://bugs.python.org/issue14621",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://www.openwall.com/lists/oss-security/2013/12/09/13",
"http://www.openwall.com/lists/oss-security/2013/12/09/3",
"http://www.securityfocus.com/bid/64194",
"https://support.apple.com/kb/HT205031"
]
},
{
"VulnerabilityID": "CVE-2018-1000030",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c",
"Description": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3-\u003eMalloc-\u003eThread1-\u003eFree's-\u003eThread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.",
"Severity": "MEDIUM",
"References": [
"https://bugs.python.org/issue31530",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030",
"https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view",
"https://security.gentoo.org/glsa/201811-02",
"https://usn.ubuntu.com/3817-1/",
"https://usn.ubuntu.com/3817-2/",
"https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0"
]
},
{
"VulnerabilityID": "CVE-2018-14647",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Missing salt initialization in _elementtree.c module",
"Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/105396",
"http://www.securitytracker.com/id/1041740",
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://access.redhat.com/errata/RHSA-2019:2030",
"https://bugs.python.org/issue34623",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/",
"https://usn.ubuntu.com/3817-1/",
"https://usn.ubuntu.com/3817-2/",
"https://www.debian.org/security/2018/dsa-4306",
"https://www.debian.org/security/2018/dsa-4307"
]
},
{
"VulnerabilityID": "CVE-2018-20852",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Cookie domain check returns incorrect results",
"Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html",
"https://bugs.python.org/issue35121",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html",
"https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
]
},
{
"VulnerabilityID": "CVE-2019-10160",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-80.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc",
"Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:1587",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160",
"https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09",
"https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e",
"https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de",
"https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html",
"https://security.netapp.com/advisory/ntap-20190617-0003/"
]
},
{
"VulnerabilityID": "CVE-2019-16056",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: email.utils.parseaddr wrongly parses email addresses",
"Description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"Severity": "MEDIUM",
"References": [
"https://bugs.python.org/issue34155",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056",
"https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/"
]
},
{
"VulnerabilityID": "CVE-2019-9636",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-77.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Information Disclosure due to urlsplit improper NFKC normalization",
"Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html",
"http://www.securityfocus.com/bid/107400",
"https://access.redhat.com/errata/RHBA-2019:0959",
"https://access.redhat.com/errata/RHSA-2019:0710",
"https://access.redhat.com/errata/RHSA-2019:0765",
"https://access.redhat.com/errata/RHSA-2019:0806",
"https://access.redhat.com/errata/RHSA-2019:0902",
"https://access.redhat.com/errata/RHSA-2019:0981",
"https://access.redhat.com/errata/RHSA-2019:0997",
"https://access.redhat.com/errata/RHSA-2019:1467",
"https://bugs.python.org/issue36216",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636",
"https://github.com/python/cpython/pull/12201",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/",
"https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html",
"https://security.netapp.com/advisory/ntap-20190517-0001/"
]
},
{
"VulnerabilityID": "CVE-2019-9740",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: CRLF injection via the query part of the url passed to urlopen()",
"Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/107466",
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://bugs.python.org/issue36276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/"
]
},
{
"VulnerabilityID": "CVE-2019-9947",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: CRLF injection via the path part of the url passed to urlopen()",
"Description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.",
"Severity": "MEDIUM",
"References": [
"https://access.redhat.com/errata/RHSA-2019:1260",
"https://bugs.python.org/issue35906",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/",
"https://security.netapp.com/advisory/ntap-20190404-0004/"
]
},
{
"VulnerabilityID": "CVE-2019-9948",
"PkgName": "python-libs",
"InstalledVersion": "2.7.5-76.el7",
"FixedVersion": "2.7.5-86.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms",
"Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html",
"http://www.securityfocus.com/bid/107549",
"https://bugs.python.org/issue35907",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948",
"https://github.com/python/cpython/pull/11842",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",
"https://security.netapp.com/advisory/ntap-20190404-0004/"
]
},
{
"VulnerabilityID": "CVE-2016-7091",
"PkgName": "readline",
"InstalledVersion": "6.2-10.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sudo: Possible info leak via INPUTRC",
"Description": "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/92615",
"https://lists.gnu.org/archive/html/bug-readline/2016-05/msg00009.html",
"https://rhn.redhat.com/errata/RHSA-2016-2593.html"
]
},
{
"VulnerabilityID": "CVE-2017-7500",
"PkgName": "rpm",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation",
"Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
]
},
{
"VulnerabilityID": "CVE-2017-7501",
"PkgName": "rpm",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to files when installing packages allows privilege escalation",
"Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",
"Severity": "MEDIUM",
"References": [
"https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
"https://security.gentoo.org/glsa/201811-22"
]
},
{
"VulnerabilityID": "CVE-2017-7500",
"PkgName": "rpm-build-libs",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation",
"Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
]
},
{
"VulnerabilityID": "CVE-2017-7501",
"PkgName": "rpm-build-libs",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to files when installing packages allows privilege escalation",
"Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",
"Severity": "MEDIUM",
"References": [
"https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
"https://security.gentoo.org/glsa/201811-22"
]
},
{
"VulnerabilityID": "CVE-2017-7500",
"PkgName": "rpm-libs",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation",
"Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
]
},
{
"VulnerabilityID": "CVE-2017-7501",
"PkgName": "rpm-libs",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to files when installing packages allows privilege escalation",
"Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",
"Severity": "MEDIUM",
"References": [
"https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
"https://security.gentoo.org/glsa/201811-22"
]
},
{
"VulnerabilityID": "CVE-2017-7500",
"PkgName": "rpm-python",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to directories when installing packages allows privilege escalation",
"Description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.",
"Severity": "HIGH",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
]
},
{
"VulnerabilityID": "CVE-2017-7501",
"PkgName": "rpm-python",
"InstalledVersion": "4.11.3-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "rpm: Following symlinks to files when installing packages allows privilege escalation",
"Description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.",
"Severity": "MEDIUM",
"References": [
"https://github.com/rpm-software-management/rpm/commit/404ef011c300207cdb1e531670384564aae04bdc",
"https://security.gentoo.org/glsa/201811-22"
]
},
{
"VulnerabilityID": "CVE-2016-6252",
"PkgName": "shadow-utils",
"InstalledVersion": "2:4.1.5.1-25.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "shadow-utils: Incorrect integer handling results in LPE",
"Description": "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.",
"Severity": "MEDIUM",
"References": [
"http://www.debian.org/security/2017/dsa-3793",
"http://www.openwall.com/lists/oss-security/2016/07/19/6",
"http://www.openwall.com/lists/oss-security/2016/07/19/7",
"http://www.openwall.com/lists/oss-security/2016/07/20/2",
"http://www.openwall.com/lists/oss-security/2016/07/25/7",
"http://www.securityfocus.com/bid/92055",
"https://bugzilla.suse.com/show_bug.cgi?id=979282",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252",
"https://github.com/shadow-maint/shadow/issues/27",
"https://security.gentoo.org/glsa/201706-02"
]
},
{
"VulnerabilityID": "CVE-2015-7036",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: arbitrary code execution on databases with malformed schema",
"Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.",
"Severity": "HIGH",
"References": [
"http://support.apple.com/kb/HT204941",
"http://support.apple.com/kb/HT204942",
"http://zerodayinitiative.com/advisories/ZDI-15-570/",
"https://security.gentoo.org/glsa/201612-21"
]
},
{
"VulnerabilityID": "CVE-2017-10989",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: Heap-buffer overflow in the getNodeSize function",
"Description": "The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html",
"http://marc.info/?l=sqlite-users\u0026m=149933696214713\u0026w=2",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.securityfocus.com/bid/99502",
"http://www.securitytracker.com/id/1039427",
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405",
"https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html",
"https://sqlite.org/src/info/66de6f4a",
"https://sqlite.org/src/vpatch?from=0db20efe201736b3\u0026to=66de6f4a9504ec26",
"https://support.apple.com/HT208112",
"https://support.apple.com/HT208113",
"https://support.apple.com/HT208115",
"https://support.apple.com/HT208144",
"https://usn.ubuntu.com/4019-1/",
"https://usn.ubuntu.com/4019-2/"
]
},
{
"VulnerabilityID": "CVE-2019-8457",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite3: heap out-of-bound read in function rtreenode()",
"Description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.",
"Severity": "HIGH",
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457",
"https://security.netapp.com/advisory/ntap-20190606-0002/",
"https://usn.ubuntu.com/4004-1/",
"https://usn.ubuntu.com/4004-2/",
"https://www.sqlite.org/releaselog/3_28_0.html",
"https://www.sqlite.org/src/info/90acdbfce9c08858"
]
},
{
"VulnerabilityID": "CVE-2016-6153",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: Tempdir selection vulnerability",
"Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html",
"http://www.openwall.com/lists/oss-security/2016/07/01/1",
"http://www.openwall.com/lists/oss-security/2016/07/01/2",
"http://www.securityfocus.com/bid/91546",
"http://www.sqlite.org/cgi/src/info/67985761aa93fb61",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/",
"https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt",
"https://www.sqlite.org/releaselog/3_13_0.html",
"https://www.tenable.com/security/tns-2016-20"
]
},
{
"VulnerabilityID": "CVE-2017-13685",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: Local DoS via dump_callback function",
"Description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.",
"Severity": "MEDIUM",
"References": [
"http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html",
"http://www.securityfocus.com/bid/100521",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685"
]
},
{
"VulnerabilityID": "CVE-2017-15286",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: NULL pointer dereference in tableColumnList",
"Description": "SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/101285",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286",
"https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md"
]
},
{
"VulnerabilityID": "CVE-2017-7000",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "chromium-browser: pointer disclosure in sqlite",
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"Severity": "MEDIUM",
"References": [
"http://www.securityfocus.com/bid/98767",
"http://www.securityfocus.com/bid/99950",
"https://access.redhat.com/errata/RHSA-2017:1833",
"https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000",
"https://security.gentoo.org/glsa/201709-15",
"https://support.apple.com/HT207797",
"https://support.apple.com/HT207798",
"https://www.debian.org/security/2017/dsa-3926"
]
},
{
"VulnerabilityID": "CVE-2018-8740",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "sqlite: NULL pointer dereference with databases with schema corrupted with CREATE TABLE AS allows for denial of service",
"Description": "In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html",
"http://www.securityfocus.com/bid/103466",
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964",
"https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html",
"https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema",
"https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d\u0026to=d75e67654aa9620b"
]
},
{
"VulnerabilityID": "CVE-2019-5827",
"PkgName": "sqlite",
"InstalledVersion": "3.7.17-8.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "chromium-browser: out-of-bounds access in SQLite",
"Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
"https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
"https://crbug.com/952406",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
]
},
{
"VulnerabilityID": "CVE-2018-15686",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec",
"Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.",
"Severity": "CRITICAL",
"References": [
"http://www.securityfocus.com/bid/105747",
"https://access.redhat.com/errata/RHSA-2019:2091",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686",
"https://github.com/systemd/systemd/pull/10519",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html",
"https://security.gentoo.org/glsa/201810-10",
"https://usn.ubuntu.com/3816-1/",
"https://www.exploit-db.com/exploits/45714/"
]
},
{
"VulnerabilityID": "CVE-2018-6954",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files",
"Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954",
"https://github.com/systemd/systemd/issues/7986",
"https://usn.ubuntu.com/3816-1/",
"https://usn.ubuntu.com/3816-2/"
]
},
{
"VulnerabilityID": "CVE-2017-18078",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Unsafe handling of hard links allowing privilege escalation",
"Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html",
"http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html",
"http://www.openwall.com/lists/oss-security/2018/01/29/3",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078",
"https://github.com/systemd/systemd/issues/7736",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html",
"https://www.exploit-db.com/exploits/43935/",
"https://www.openwall.com/lists/oss-security/2018/01/29/4"
]
},
{
"VulnerabilityID": "CVE-2019-3842",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"",
"Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html",
"http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/",
"https://www.exploit-db.com/exploits/46743/"
]
},
{
"VulnerabilityID": "CVE-2013-4392",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts",
"Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
"Severity": "LOW",
"References": [
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
"http://www.openwall.com/lists/oss-security/2013/10/01/9",
"https://bugzilla.redhat.com/show_bug.cgi?id=859060"
]
},
{
"VulnerabilityID": "CVE-2016-6349",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "oci-register-machine: information exposure for docker containers",
"Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2016/07/26/9",
"http://www.openwall.com/lists/oss-security/2016/10/13/7",
"http://www.securityfocus.com/bid/92143",
"https://bugzilla.redhat.com/show_bug.cgi?id=1360634",
"https://github.com/projectatomic/oci-register-machine/pull/22"
]
},
{
"VulnerabilityID": "CVE-2018-16866",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: out-of-bounds read when parsing a crafted syslog message",
"Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.",
"Severity": "LOW",
"References": [
"http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html",
"http://seclists.org/fulldisclosure/2019/May/21",
"http://www.openwall.com/lists/oss-security/2019/05/10/4",
"http://www.securityfocus.com/bid/106527",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866",
"https://seclists.org/bugtraq/2019/May/25",
"https://security.gentoo.org/glsa/201903-07",
"https://security.netapp.com/advisory/ntap-20190117-0001/",
"https://usn.ubuntu.com/3855-1/",
"https://www.debian.org/security/2019/dsa-4367",
"https://www.qualys.com/2019/01/09/system-down/system-down.txt"
]
},
{
"VulnerabilityID": "CVE-2018-16888",
"PkgName": "systemd",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: kills privileged process if unprivileged PIDFile was tampered",
"Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
"Severity": "LOW",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2091",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888",
"https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20190307-0007/"
]
},
{
"VulnerabilityID": "CVE-2018-15686",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: line splitting via fgets() allows for state injection during daemon-reexec",
"Description": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.",
"Severity": "CRITICAL",
"References": [
"http://www.securityfocus.com/bid/105747",
"https://access.redhat.com/errata/RHSA-2019:2091",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15686",
"https://github.com/systemd/systemd/pull/10519",
"https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html",
"https://security.gentoo.org/glsa/201810-10",
"https://usn.ubuntu.com/3816-1/",
"https://www.exploit-db.com/exploits/45714/"
]
},
{
"VulnerabilityID": "CVE-2018-6954",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files",
"Description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.",
"Severity": "HIGH",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954",
"https://github.com/systemd/systemd/issues/7986",
"https://usn.ubuntu.com/3816-1/",
"https://usn.ubuntu.com/3816-2/"
]
},
{
"VulnerabilityID": "CVE-2017-18078",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Unsafe handling of hard links allowing privilege escalation",
"Description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-updates/2018-02/msg00109.html",
"http://packetstormsecurity.com/files/146184/systemd-Local-Privilege-Escalation.html",
"http://www.openwall.com/lists/oss-security/2018/01/29/3",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078",
"https://github.com/systemd/systemd/issues/7736",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html",
"https://www.exploit-db.com/exploits/43935/",
"https://www.openwall.com/lists/oss-security/2018/01/29/4"
]
},
{
"VulnerabilityID": "CVE-2019-3842",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: Spoofing of XDG_SEAT allows for actions to be checked against \"allow_active\" instead of \"allow_any\"",
"Description": "In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".",
"Severity": "MEDIUM",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html",
"http://packetstormsecurity.com/files/152610/systemd-Seat-Verification-Active-Session-Spoofing.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3842",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3842",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STR36RJE4ZZIORMDXRERVBHMPRNRTHAC/",
"https://www.exploit-db.com/exploits/46743/"
]
},
{
"VulnerabilityID": "CVE-2013-4392",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts",
"Description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.",
"Severity": "LOW",
"References": [
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
"http://www.openwall.com/lists/oss-security/2013/10/01/9",
"https://bugzilla.redhat.com/show_bug.cgi?id=859060"
]
},
{
"VulnerabilityID": "CVE-2016-6349",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "oci-register-machine: information exposure for docker containers",
"Description": "The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.",
"Severity": "LOW",
"References": [
"http://www.openwall.com/lists/oss-security/2016/07/26/9",
"http://www.openwall.com/lists/oss-security/2016/10/13/7",
"http://www.securityfocus.com/bid/92143",
"https://bugzilla.redhat.com/show_bug.cgi?id=1360634",
"https://github.com/projectatomic/oci-register-machine/pull/22"
]
},
{
"VulnerabilityID": "CVE-2018-16866",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: out-of-bounds read when parsing a crafted syslog message",
"Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.",
"Severity": "LOW",
"References": [
"http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html",
"http://seclists.org/fulldisclosure/2019/May/21",
"http://www.openwall.com/lists/oss-security/2019/05/10/4",
"http://www.securityfocus.com/bid/106527",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16866",
"https://seclists.org/bugtraq/2019/May/25",
"https://security.gentoo.org/glsa/201903-07",
"https://security.netapp.com/advisory/ntap-20190117-0001/",
"https://usn.ubuntu.com/3855-1/",
"https://www.debian.org/security/2019/dsa-4367",
"https://www.qualys.com/2019/01/09/system-down/system-down.txt"
]
},
{
"VulnerabilityID": "CVE-2018-16888",
"PkgName": "systemd-libs",
"InstalledVersion": "219-62.el7_6.5",
"FixedVersion": "219-67.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "systemd: kills privileged process if unprivileged PIDFile was tampered",
"Description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
"Severity": "LOW",
"References": [
"https://access.redhat.com/errata/RHSA-2019:2091",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888",
"https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20190307-0007/"
]
},
{
"VulnerabilityID": "CVE-2016-6321",
"PkgName": "tar",
"InstalledVersion": "2:1.26-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "tar: Bypassing the extract path name",
"Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d",
"http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html",
"http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html",
"http://seclists.org/fulldisclosure/2016/Oct/102",
"http://seclists.org/fulldisclosure/2016/Oct/96",
"http://www.debian.org/security/2016/dsa-3702",
"http://www.securityfocus.com/bid/93937",
"http://www.ubuntu.com/usn/USN-3132-1",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321",
"https://security.gentoo.org/glsa/201611-19",
"https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt",
"https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt"
]
},
{
"VulnerabilityID": "CVE-2019-9923",
"PkgName": "tar",
"InstalledVersion": "2:1.26-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "tar: null-pointer dereference in pax_decode_header in sparse.c",
"Description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.",
"Severity": "MEDIUM",
"References": [
"http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html",
"http://savannah.gnu.org/bugs/?55369",
"https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"
]
},
{
"VulnerabilityID": "CVE-2018-20482",
"PkgName": "tar",
"InstalledVersion": "2:1.26-35.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "tar: Infinite read loop in sparse_dump_region function in sparse.c",
"Description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).",
"Severity": "LOW",
"References": [
"http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454",
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html",
"http://www.securityfocus.com/bid/106354",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482",
"https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html",
"https://news.ycombinator.com/item?id=18745431",
"https://security.gentoo.org/glsa/201903-05",
"https://twitter.com/thatcks/status/1076166645708668928",
"https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug"
]
},
{
"VulnerabilityID": "CVE-2014-9114",
"PkgName": "util-linux",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: command injection flaw in blkid",
"Description": "Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.",
"Severity": "HIGH",
"References": [
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html",
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html",
"http://www.openwall.com/lists/oss-security/2014/11/26/21",
"http://www.securityfocus.com/bid/71327",
"https://bugzilla.redhat.com/show_bug.cgi?id=1168485",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9114",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/98993",
"https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc",
"https://security.gentoo.org/glsa/201612-14"
]
},
{
"VulnerabilityID": "CVE-2016-2779",
"PkgName": "util-linux",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "util-linux: runuser tty hijack via TIOCSTI ioctl",
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Severity": "HIGH",
"References": [
"http://www.openwall.com/lists/oss-security/2016/02/27/1",
"http://www.openwall.com/lists/oss-security/2016/02/27/2",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779"
]
},
{
"VulnerabilityID": "CVE-2015-5218",
"PkgName": "util-linux",
"InstalledVersion": "2.23.2-59.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "colcrt: global-buffer-overflow",
"Description": "Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.",
"Severity": "LOW",
"References": [
"http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html",
"http://www.spinics.net/lists/util-linux-ng/msg11873.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=1259322",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218",
"https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8",
"https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec",
"https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes"
]
},
{
"VulnerabilityID": "CVE-2019-12735",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"FixedVersion": "2:7.4.160-6.el7_6",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines",
"Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",
"Severity": "CRITICAL",
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html",
"http://www.securityfocus.com/bid/108724",
"https://bugs.debian.org/930020",
"https://bugs.debian.org/930024",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735",
"https://github.com/neovim/neovim/pull/10082",
"https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md",
"https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/",
"https://usn.ubuntu.com/4016-1/",
"https://usn.ubuntu.com/4016-2/",
"https://www.debian.org/security/2019/dsa-4467"
]
},
{
"VulnerabilityID": "CVE-2017-5953",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim: Tree length values not validated properly when handling a spell file",
"Description": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.",
"Severity": "HIGH",
"References": [
"http://www.debian.org/security/2017/dsa-3786",
"http://www.securityfocus.com/bid/96217",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953",
"https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d",
"https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY",
"https://security.gentoo.org/glsa/201706-26",
"https://usn.ubuntu.com/4016-1/"
]
},
{
"VulnerabilityID": "CVE-2017-6350",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim: Integer overflow at an unserialize_uep memory allocation site",
"Description": "An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.",
"Severity": "HIGH",
"References": [
"http://www.securityfocus.com/bid/96448",
"http://www.securitytracker.com/id/1037949",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350",
"https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75",
"https://groups.google.com/forum/#!topic/vim_dev/L_dOHOOiQ5Q",
"https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y",
"https://security.gentoo.org/glsa/201706-26"
]
},
{
"VulnerabilityID": "CVE-2017-11109",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim: Use-after-free via crafted file",
"Description": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.",
"Severity": "MEDIUM",
"References": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1468492",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11109",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html",
"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11109.html"
]
},
{
"VulnerabilityID": "CVE-2017-1000382",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim: Ignores umask when creating a swap file",
"Description": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.",
"Severity": "LOW",
"References": [
"http://security.cucumberlinux.com/security/details.php?id=120",
"http://www.openwall.com/lists/oss-security/2017/10/31/1"
]
},
{
"VulnerabilityID": "CVE-2017-17087",
"PkgName": "vim-minimal",
"InstalledVersion": "2:7.4.160-5.el7",
"LayerID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854",
"Title": "vim: Sets the group ownership of a .swp file to the editor's primary group",
"Description": "fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.",
"Severity": "LOW",
"References": [
"http://openwall.com/lists/oss-security/2017/11/27/2",
"http://security.cucumberlinux.com/security/details.php?id=166",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17087",
"https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8",
"https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html"
]
}
]
}
]