blog utils
{
"Registry": "",
"ImageName": "madhurnawandar/heartbeat",
"Tag": "latest",
"Layers": [
{
"Layer": {
"Name": "f3ce93f2745151fe8fbc292330d72a25541f2a451698c0e8182707450063f201",
"ParentName": "738d67d102786313b1acf4edfd19b877b0378dd94ee90ac5a424bba007f0e7d9",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "738d67d102786313b1acf4edfd19b877b0378dd94ee90ac5a424bba007f0e7d9",
"ParentName": "14dfb8014deafbac648a709c1daa11ded43cb719e38cbac1d74a05f585c8afd4",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "14dfb8014deafbac648a709c1daa11ded43cb719e38cbac1d74a05f585c8afd4",
"ParentName": "2ef560f052c7fc6a93b1e63ff607da8fc5592ddda11e9ddff8f37a7501e14afa",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "2ef560f052c7fc6a93b1e63ff607da8fc5592ddda11e9ddff8f37a7501e14afa",
"ParentName": "69a7b8948d35c119efd104c8d05c081a24bfdac0c471c06ccd0930336f24fe42",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "69a7b8948d35c119efd104c8d05c081a24bfdac0c471c06ccd0930336f24fe42",
"ParentName": "a246ec1b625936e77c9d10ca34b9a8e5195fab1bab51f47a796050c5c58de0ab",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "a246ec1b625936e77c9d10ca34b9a8e5195fab1bab51f47a796050c5c58de0ab",
"ParentName": "fc298ae7d5878f393b4566b411eca717ab5ad39f821cafa44573e585ad7992c6",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "fc298ae7d5878f393b4566b411eca717ab5ad39f821cafa44573e585ad7992c6",
"ParentName": "7ebd44baf4fff2cc0adb2cab582f79c7c7dede217b38b77324547a0493a7ff1e",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "7ebd44baf4fff2cc0adb2cab582f79c7c7dede217b38b77324547a0493a7ff1e",
"ParentName": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b",
"IndexedByVersion": 3
}
},
{
"Layer": {
"Name": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b",
"IndexedByVersion": 3,
"Features": [
{
"Name": "sed",
"NamespaceName": "ubuntu:12.04",
"Version": "4.2.1-9",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "slang2",
"NamespaceName": "ubuntu:12.04",
"Version": "2.2.4-3ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "dpkg",
"NamespaceName": "ubuntu:12.04",
"Version": "1.16.1.2ubuntu7.7",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "openssl",
"NamespaceName": "ubuntu:12.04",
"Version": "1.0.1-4ubuntu5.35",
"Vulnerabilities": [
{
"Name": "CVE-2016-2183",
"NamespaceName": "ubuntu:12.04",
"Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2183",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2181",
"NamespaceName": "ubuntu:12.04",
"Description": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2181",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-6306",
"NamespaceName": "ubuntu:12.04",
"Description": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6306",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2105",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2105",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.36"
},
{
"Name": "CVE-2016-2109",
"NamespaceName": "ubuntu:12.04",
"Description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2109",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.8,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.36"
},
{
"Name": "CVE-2016-2179",
"NamespaceName": "ubuntu:12.04",
"Description": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2179",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-8610",
"NamespaceName": "ubuntu:12.04",
"Description": "Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8610",
"Severity": "Low",
"FixedBy": "1.0.1-4ubuntu5.39"
},
{
"Name": "CVE-2016-6304",
"NamespaceName": "ubuntu:12.04",
"Description": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6304",
"Severity": "High",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.8,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2108",
"NamespaceName": "ubuntu:12.04",
"Description": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2108",
"Severity": "High",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 10,
"Vectors": "AV:N/AC:L/Au:N/C:C/I:C"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.36"
},
{
"Name": "CVE-2016-2178",
"NamespaceName": "ubuntu:12.04",
"Description": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2178",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.1,
"Vectors": "AV:L/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2180",
"NamespaceName": "ubuntu:12.04",
"Description": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2180",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2107",
"NamespaceName": "ubuntu:12.04",
"Description": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2107",
"Severity": "High",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.6,
"Vectors": "AV:N/AC:H/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.36"
},
{
"Name": "CVE-2016-2177",
"NamespaceName": "ubuntu:12.04",
"Description": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2177",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.39"
},
{
"Name": "CVE-2016-2182",
"NamespaceName": "ubuntu:12.04",
"Description": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2182",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2017-3731",
"NamespaceName": "ubuntu:12.04",
"Description": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-3731",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.39"
},
{
"Name": "CVE-2016-6302",
"NamespaceName": "ubuntu:12.04",
"Description": "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6302",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-6303",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6303",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.37"
},
{
"Name": "CVE-2016-2106",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2106",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.0.1-4ubuntu5.36"
},
{
"Name": "CVE-2016-7056",
"NamespaceName": "ubuntu:12.04",
"Description": "ECDSA P-256 timing attack key recovery",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7056",
"Severity": "Medium",
"FixedBy": "1.0.1-4ubuntu5.39"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libpciaccess",
"NamespaceName": "ubuntu:12.04",
"Version": "0.12.902-1ubuntu0.2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "debianutils",
"NamespaceName": "ubuntu:12.04",
"Version": "4.2.1ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "db",
"NamespaceName": "ubuntu:12.04",
"Version": "5.1.25-11build1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "procps",
"NamespaceName": "ubuntu:12.04",
"Version": "1:3.2.8-11ubuntu6.4",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "plymouth",
"NamespaceName": "ubuntu:12.04",
"Version": "0.8.2-2ubuntu31.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "adduser",
"NamespaceName": "ubuntu:12.04",
"Version": "3.113ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "cpio",
"NamespaceName": "ubuntu:12.04",
"Version": "2.11-7ubuntu3.2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "pam",
"NamespaceName": "ubuntu:12.04",
"Version": "1.1.3-7ubuntu2",
"Vulnerabilities": [
{
"Name": "CVE-2014-2583",
"NamespaceName": "ubuntu:12.04",
"Description": "Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-2583",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"FixedBy": "1.1.3-7ubuntu2.1"
},
{
"Name": "CVE-2013-7041",
"NamespaceName": "ubuntu:12.04",
"Description": "The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7041",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.1.3-7ubuntu2.1"
},
{
"Name": "CVE-2015-3238",
"NamespaceName": "ubuntu:12.04",
"Description": "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-3238",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.1.3-7ubuntu2.1"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libdrm",
"NamespaceName": "ubuntu:12.04",
"Version": "2.4.52-1~precise2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "readline6",
"NamespaceName": "ubuntu:12.04",
"Version": "6.2-8",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "insserv",
"NamespaceName": "ubuntu:12.04",
"Version": "1.14.0-2.1ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "shadow",
"NamespaceName": "ubuntu:12.04",
"Version": "1:4.1.4.2+svn3283-3ubuntu5.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "zlib",
"NamespaceName": "ubuntu:12.04",
"Version": "1:1.2.3.4.dfsg-3ubuntu4",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "findutils",
"NamespaceName": "ubuntu:12.04",
"Version": "4.4.2-4ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libffi",
"NamespaceName": "ubuntu:12.04",
"Version": "3.0.11~rc1-5",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "lsb",
"NamespaceName": "ubuntu:12.04",
"Version": "4.0-0ubuntu20.3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "perl",
"NamespaceName": "ubuntu:12.04",
"Version": "5.14.2-6ubuntu2.5",
"Vulnerabilities": [
{
"Name": "CVE-2016-1238",
"NamespaceName": "ubuntu:12.04",
"Description": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1238",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.2,
"Vectors": "AV:L/AC:L/Au:N/C:C/I:C"
}
}
},
"FixedBy": "5.22.2-3"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "dash",
"NamespaceName": "ubuntu:12.04",
"Version": "0.5.7-2ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "hostname",
"NamespaceName": "ubuntu:12.04",
"Version": "3.06ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "tar",
"NamespaceName": "ubuntu:12.04",
"Version": "1.26-4ubuntu1",
"Vulnerabilities": [
{
"Name": "CVE-2016-6321",
"NamespaceName": "ubuntu:12.04",
"Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6321",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:P"
}
}
},
"FixedBy": "1.26-4ubuntu1.1"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "acl",
"NamespaceName": "ubuntu:12.04",
"Version": "2.2.51-5ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "elfutils",
"NamespaceName": "ubuntu:12.04",
"Version": "0.152-1ubuntu3.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "sensible-utils",
"NamespaceName": "ubuntu:12.04",
"Version": "0.0.6ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "dbus",
"NamespaceName": "ubuntu:12.04",
"Version": "1.4.18-1ubuntu1.7",
"Vulnerabilities": [
{
"Name": "CVE-2015-0245",
"NamespaceName": "ubuntu:12.04",
"Description": "D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-0245",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 1.9,
"Vectors": "AV:L/AC:M/Au:N/C:N/I:N"
}
}
},
"FixedBy": "1.4.18-1ubuntu1.8"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "apt",
"NamespaceName": "ubuntu:12.04",
"Version": "0.8.16~exp12ubuntu10.26",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libnih",
"NamespaceName": "ubuntu:12.04",
"Version": "1.0.3-4ubuntu9.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "xz-utils",
"NamespaceName": "ubuntu:12.04",
"Version": "5.1.1alpha+20110809-3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "iproute",
"NamespaceName": "ubuntu:12.04",
"Version": "20111117-1ubuntu2.3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "ifupdown",
"NamespaceName": "ubuntu:12.04",
"Version": "0.7~beta2ubuntu11.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "langpack-locales",
"NamespaceName": "ubuntu:12.04",
"Version": "2.13+git20120306-3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "sysvinit",
"NamespaceName": "ubuntu:12.04",
"Version": "2.88dsf-13.10ubuntu11.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "coreutils",
"NamespaceName": "ubuntu:12.04",
"Version": "8.13-3ubuntu3.3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "module-init-tools",
"NamespaceName": "ubuntu:12.04",
"Version": "3.16-1ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "diffutils",
"NamespaceName": "ubuntu:12.04",
"Version": "1:3.2-1ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "attr",
"NamespaceName": "ubuntu:12.04",
"Version": "1:2.4.46-5ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "initramfs-tools",
"NamespaceName": "ubuntu:12.04",
"Version": "0.99ubuntu13.5",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "ubuntu-keyring",
"NamespaceName": "ubuntu:12.04",
"Version": "2011.11.21.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "makedev",
"NamespaceName": "ubuntu:12.04",
"Version": "2.3.1-89ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "ncurses",
"NamespaceName": "ubuntu:12.04",
"Version": "5.9-4",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "base-files",
"NamespaceName": "ubuntu:12.04",
"Version": "6.5ubuntu6.8",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "upstart",
"NamespaceName": "ubuntu:12.04",
"Version": "1.5-0ubuntu7.3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libpng",
"NamespaceName": "ubuntu:12.04",
"Version": "1.2.46-3ubuntu4.2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "busybox",
"NamespaceName": "ubuntu:12.04",
"Version": "1:1.18.5-1ubuntu4.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "gzip",
"NamespaceName": "ubuntu:12.04",
"Version": "1.4-1ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "klibc",
"NamespaceName": "ubuntu:12.04",
"Version": "1.5.25-1ubuntu2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "e2fsprogs",
"NamespaceName": "ubuntu:12.04",
"Version": "1.42-1ubuntu2.3",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "grep",
"NamespaceName": "ubuntu:12.04",
"Version": "2.10-1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "gnupg",
"NamespaceName": "ubuntu:12.04",
"Version": "1.4.11-3ubuntu2.9",
"Vulnerabilities": [
{
"Name": "CVE-2016-6313",
"NamespaceName": "ubuntu:12.04",
"Description": "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6313",
"Severity": "High",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "1.4.11-3ubuntu2.10"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "python2.7",
"NamespaceName": "ubuntu:12.04",
"Version": "2.7.3-0ubuntu3.8",
"Vulnerabilities": [
{
"Name": "CVE-2016-5699",
"NamespaceName": "ubuntu:12.04",
"Description": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5699",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:P"
}
}
},
"FixedBy": "2.7.3-0ubuntu3.9"
},
{
"Name": "CVE-2016-1000110",
"NamespaceName": "ubuntu:12.04",
"Description": "use of HTTP_PROXY flag supplied by attacker in CGI scripts",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1000110",
"Severity": "Medium",
"FixedBy": "2.7.3-0ubuntu3.9"
},
{
"Name": "CVE-2016-0772",
"NamespaceName": "ubuntu:12.04",
"Description": "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0772",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.7.3-0ubuntu3.9"
},
{
"Name": "CVE-2016-5636",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5636",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 10,
"Vectors": "AV:N/AC:L/Au:N/C:C/I:C"
}
}
},
"FixedBy": "2.7.3-0ubuntu3.9"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "mawk",
"NamespaceName": "ubuntu:12.04",
"Version": "1.3.3-17",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "mountall",
"NamespaceName": "ubuntu:12.04",
"Version": "2.36.4ubuntu0.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "bash",
"NamespaceName": "ubuntu:12.04",
"Version": "4.2-2ubuntu2.6",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "python-defaults",
"NamespaceName": "ubuntu:12.04",
"Version": "2.7.3-0ubuntu2.2",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "eglibc",
"NamespaceName": "ubuntu:12.04",
"Version": "2.15-0ubuntu10.13",
"Vulnerabilities": [
{
"Name": "CVE-2013-2207",
"NamespaceName": "ubuntu:12.04",
"Description": "pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2207",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.6,
"Vectors": "AV:L/AC:H/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-1781",
"NamespaceName": "ubuntu:12.04",
"Description": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1781",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-8778",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8778",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2014-8121",
"NamespaceName": "ubuntu:12.04",
"Description": "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8121",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-8776",
"NamespaceName": "ubuntu:12.04",
"Description": "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8776",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.4,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2016-1234",
"NamespaceName": "ubuntu:12.04",
"Description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1234",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
},
{
"Name": "CVE-2016-3075",
"NamespaceName": "ubuntu:12.04",
"Description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3075",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-8983",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8983",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
},
{
"Name": "CVE-2015-8984",
"NamespaceName": "ubuntu:12.04",
"Description": "The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8984",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
},
{
"Name": "CVE-2016-2856",
"NamespaceName": "ubuntu:12.04",
"Description": "pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2856",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.2,
"Vectors": "AV:L/AC:L/Au:N/C:C/I:C"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-8777",
"NamespaceName": "ubuntu:12.04",
"Description": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8777",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.1,
"Vectors": "AV:L/AC:L/Au:N/C:N/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2015-8982",
"NamespaceName": "ubuntu:12.04",
"Description": "Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8982",
"Severity": "Medium",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
},
{
"Name": "CVE-2016-4429",
"NamespaceName": "ubuntu:12.04",
"Description": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4429",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
},
{
"Name": "CVE-2015-8779",
"NamespaceName": "ubuntu:12.04",
"Description": "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8779",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "2.15-0ubuntu10.14"
},
{
"Name": "CVE-2016-6323",
"NamespaceName": "ubuntu:12.04",
"Description": "The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6323",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"FixedBy": "2.15-0ubuntu10.16"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "udev",
"NamespaceName": "ubuntu:12.04",
"Version": "175-0ubuntu9.10",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "pcre3",
"NamespaceName": "ubuntu:12.04",
"Version": "8.12-4ubuntu0.1",
"Vulnerabilities": [
{
"Name": "CVE-2015-8393",
"NamespaceName": "ubuntu:12.04",
"Description": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8393",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-2327",
"NamespaceName": "ubuntu:12.04",
"Description": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g\u003c-1\u003e))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-2327",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-8385",
"NamespaceName": "ubuntu:12.04",
"Description": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8385",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-8390",
"NamespaceName": "ubuntu:12.04",
"Description": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8390",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-8387",
"NamespaceName": "ubuntu:12.04",
"Description": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8387",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-8382",
"NamespaceName": "ubuntu:12.04",
"Description": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8382",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.4,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
},
{
"Name": "CVE-2015-8394",
"NamespaceName": "ubuntu:12.04",
"Description": "PCRE before 8.38 mishandles the (?(\u003cdigits\u003e) and (?(R\u003cdigits\u003e) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8394",
"Severity": "Low",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"FixedBy": "8.12-4ubuntu0.2"
}
],
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "util-linux",
"NamespaceName": "ubuntu:12.04",
"Version": "2.20.1-1ubuntu3.1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libselinux",
"NamespaceName": "ubuntu:12.04",
"Version": "2.1.0-4.1ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "libusb",
"NamespaceName": "ubuntu:12.04",
"Version": "2:0.1.12-20",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "bzip2",
"NamespaceName": "ubuntu:12.04",
"Version": "1.0.6-1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "tzdata",
"NamespaceName": "ubuntu:12.04",
"Version": "2015g-0ubuntu0.12.04",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "base-passwd",
"NamespaceName": "ubuntu:12.04",
"Version": "3.5.24",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "gcc-4.6",
"NamespaceName": "ubuntu:12.04",
"Version": "4.6.3-1ubuntu5",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "debconf",
"NamespaceName": "ubuntu:12.04",
"Version": "1.5.42ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
},
{
"Name": "glib2.0",
"NamespaceName": "ubuntu:12.04",
"Version": "2.32.4-0ubuntu1",
"AddedBy": "c7aacca5143d81df21312b44fc2e7e701c9ed41b7cb0e2e1d713762ca0925d2b"
}
]
}
}
]
}