Created
October 22, 2023 09:24
-
-
Save shaikkhajaibrahim/a58c8e1aefac4014a24956bcbd808346 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"apiVersion": "aquasecurity.github.io/v1alpha1", | |
"kind": "VulnerabilityReport", | |
"metadata": { | |
"annotations": { | |
"trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s" | |
}, | |
"creationTimestamp": "2023-10-22T09:06:22Z", | |
"generation": 1, | |
"labels": { | |
"resource-spec-hash": "75787f75b5", | |
"trivy-operator.container.name": "nginx", | |
"trivy-operator.resource.kind": "ReplicaSet", | |
"trivy-operator.resource.name": "nginx-85bfcd86d5", | |
"trivy-operator.resource.namespace": "default" | |
}, | |
"name": "replicaset-nginx-85bfcd86d5-nginx", | |
"namespace": "default", | |
"ownerReferences": [ | |
{ | |
"apiVersion": "apps/v1", | |
"blockOwnerDeletion": false, | |
"controller": true, | |
"kind": "ReplicaSet", | |
"name": "nginx-85bfcd86d5", | |
"uid": "db06c0ec-86f5-4754-9432-ee31a241eb25" | |
} | |
], | |
"resourceVersion": "2392", | |
"uid": "81483733-34cd-4792-99cb-4e79aa430a4d" | |
}, | |
"report": { | |
"artifact": { | |
"digest": "sha256:dfcfd8e9a5d38fb82bc8f9c299beba2df2232b7712b62875d5238cead7a5831c", | |
"repository": "library/nginx", | |
"tag": "1.16" | |
}, | |
"registry": { | |
"server": "index.docker.io" | |
}, | |
"scanner": { | |
"name": "Trivy", | |
"vendor": "Aqua Security", | |
"version": "0.45.1" | |
}, | |
"summary": { | |
"criticalCount": 40, | |
"highCount": 107, | |
"lowCount": 129, | |
"mediumCount": 128, | |
"noneCount": 0, | |
"unknownCount": 7 | |
}, | |
"updateTimestamp": "2023-10-22T09:06:22Z", | |
"vulnerabilities": [ | |
{ | |
"fixedVersion": "1.8.2.2", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2022-10-29T02:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27350", | |
"publishedDate": "2020-12-10T04:15:00Z", | |
"resource": "apt", | |
"score": 5.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "apt: integer overflows and underflows while parsing .deb packages", | |
"vulnerabilityID": "CVE-2020-27350" | |
}, | |
{ | |
"fixedVersion": "1.8.2.1", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2022-04-27T14:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-3810", | |
"publishedDate": "2020-05-15T14:15:00Z", | |
"resource": "apt", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Missing input validation in the ar/tar implementations of APT before v ...", | |
"vulnerabilityID": "CVE-2020-3810" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2021-02-09T16:08:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3374", | |
"publishedDate": "2019-11-26T00:15:00Z", | |
"resource": "apt", | |
"score": 3.7, | |
"severity": "LOW", | |
"target": "", | |
"title": "It was found that apt-key in apt, all versions, do not correctly valid ...", | |
"vulnerabilityID": "CVE-2011-3374" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.0-4", | |
"lastModifiedDate": "2022-06-07T18:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-18276", | |
"publishedDate": "2019-11-28T01:15:00Z", | |
"resource": "bash", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "when effective UID is not equal to its real UID the saved UID is not dropped", | |
"vulnerabilityID": "CVE-2019-18276" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "bsdutils", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "bsdutils", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.30-3", | |
"lastModifiedDate": "2021-02-25T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-2781", | |
"publishedDate": "2017-02-07T15:59:00Z", | |
"resource": "coreutils", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "coreutils: Non-privileged session can escape to the parent session in chroot", | |
"vulnerabilityID": "CVE-2016-2781" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.30-3", | |
"lastModifiedDate": "2018-01-19T15:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-18018", | |
"publishedDate": "2018-01-04T04:29:00Z", | |
"resource": "coreutils", | |
"score": 4.7, | |
"severity": "LOW", | |
"target": "", | |
"title": "coreutils: race condition vulnerability in chown and chgrp", | |
"vulnerabilityID": "CVE-2017-18018" | |
}, | |
{ | |
"fixedVersion": "2019.1+deb10u2", | |
"installedVersion": "2019.1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "debian-archive-keyring", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "debian-archive-keyring - security update", | |
"vulnerabilityID": "DLA-3482-1" | |
}, | |
{ | |
"fixedVersion": "1.19.8", | |
"installedVersion": "1.19.7", | |
"lastModifiedDate": "2022-12-03T02:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1664", | |
"publishedDate": "2022-05-26T14:15:00Z", | |
"resource": "dpkg", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Dpkg::Source::Archive in dpkg, the Debian package management system, b ...", | |
"vulnerabilityID": "CVE-2022-1664" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.44.5-1+deb10u3", | |
"lastModifiedDate": "2023-02-12T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304", | |
"publishedDate": "2022-04-14T21:15:00Z", | |
"resource": "e2fsprogs", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "out-of-bounds read/write via crafted filesystem", | |
"vulnerabilityID": "CVE-2022-1304" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "fdisk", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "fdisk", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886", | |
"publishedDate": "2019-05-22T19:29:00Z", | |
"resource": "gcc-8-base", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", | |
"vulnerabilityID": "CVE-2018-12886" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2020-09-17T13:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847", | |
"publishedDate": "2019-09-02T23:15:00Z", | |
"resource": "gcc-8-base", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", | |
"vulnerabilityID": "CVE-2019-15847" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2023-09-14T20:01:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039", | |
"publishedDate": "2023-09-13T09:15:00Z", | |
"resource": "gcc-8-base", | |
"score": 4.8, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64", | |
"vulnerabilityID": "CVE-2023-4039" | |
}, | |
{ | |
"fixedVersion": "2.2.12-1+deb10u2", | |
"installedVersion": "2.2.12-1+deb10u1", | |
"lastModifiedDate": "2022-09-09T20:40:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-34903", | |
"publishedDate": "2022-07-01T22:15:00Z", | |
"resource": "gpgv", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Signature spoofing via status line injection", | |
"vulnerabilityID": "CVE-2022-34903" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.12-1+deb10u1", | |
"lastModifiedDate": "2022-11-08T02:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-14855", | |
"publishedDate": "2020-03-20T16:15:00Z", | |
"resource": "gpgv", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "gnupg2: OpenPGP Key Certification Forgeries with SHA-1", | |
"vulnerabilityID": "CVE-2019-14855" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.12-1+deb10u1", | |
"lastModifiedDate": "2023-05-26T16:31:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3219", | |
"publishedDate": "2023-02-23T20:15:00Z", | |
"resource": "gpgv", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "denial of service issue (resource consumption) using compressed packets", | |
"vulnerabilityID": "CVE-2022-3219" | |
}, | |
{ | |
"fixedVersion": "1.9-3+deb10u1", | |
"installedVersion": "1.9-3", | |
"lastModifiedDate": "2022-10-07T14:14:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1271", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "gzip", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "arbitrary-file-write vulnerability", | |
"vulnerabilityID": "CVE-2022-1271" | |
}, | |
{ | |
"fixedVersion": "1.8.2.2", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2022-10-29T02:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27350", | |
"publishedDate": "2020-12-10T04:15:00Z", | |
"resource": "libapt-pkg5.0", | |
"score": 5.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "apt: integer overflows and underflows while parsing .deb packages", | |
"vulnerabilityID": "CVE-2020-27350" | |
}, | |
{ | |
"fixedVersion": "1.8.2.1", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2022-04-27T14:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-3810", | |
"publishedDate": "2020-05-15T14:15:00Z", | |
"resource": "libapt-pkg5.0", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Missing input validation in the ar/tar implementations of APT before v ...", | |
"vulnerabilityID": "CVE-2020-3810" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.2", | |
"lastModifiedDate": "2021-02-09T16:08:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3374", | |
"publishedDate": "2019-11-26T00:15:00Z", | |
"resource": "libapt-pkg5.0", | |
"score": 3.7, | |
"severity": "LOW", | |
"target": "", | |
"title": "It was found that apt-key in apt, all versions, do not correctly valid ...", | |
"vulnerabilityID": "CVE-2011-3374" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "libblkid1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "libblkid1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "0.9.1-2+deb10u1", | |
"installedVersion": "0.9.1-2", | |
"lastModifiedDate": "2021-04-01T13:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20367", | |
"publishedDate": "2020-01-08T17:15:00Z", | |
"resource": "libbsd0", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...", | |
"vulnerabilityID": "CVE-2019-20367" | |
}, | |
{ | |
"fixedVersion": "1.0.6-9.2~deb10u2", | |
"installedVersion": "1.0.6-9.2~deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "libbz2-1.0", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "bzip2 - bugfix update", | |
"vulnerabilityID": "DLA-3112-1" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33574", | |
"publishedDate": "2021-05-25T22:15:00Z", | |
"resource": "libc-bin", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "mq_notify does not handle separately allocated thread attributes", | |
"vulnerabilityID": "CVE-2021-33574" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-35942", | |
"publishedDate": "2021-07-22T18:15:00Z", | |
"resource": "libc-bin", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Arbitrary read in wordexp()", | |
"vulnerabilityID": "CVE-2021-35942" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23218", | |
"publishedDate": "2022-01-14T07:15:00Z", | |
"resource": "libc-bin", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Stack-based buffer overflow in svcunix_create via long pathnames", | |
"vulnerabilityID": "CVE-2022-23218" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:32:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23219", | |
"publishedDate": "2022-01-14T07:15:00Z", | |
"resource": "libc-bin", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Stack-based buffer overflow in sunrpc clnt_create via a long pathname", | |
"vulnerabilityID": "CVE-2022-23219" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-01-27T18:34:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1751", | |
"publishedDate": "2020-04-17T19:15:00Z", | |
"resource": "libc-bin", | |
"score": 7, | |
"severity": "HIGH", | |
"target": "", | |
"title": "glibc: array overflow in backtrace functions for powerpc", | |
"vulnerabilityID": "CVE-2020-1751" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-28T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1752", | |
"publishedDate": "2020-04-30T17:15:00Z", | |
"resource": "libc-bin", | |
"score": 7, | |
"severity": "HIGH", | |
"target": "", | |
"title": "use-after-free in glob() function when expanding ~user", | |
"vulnerabilityID": "CVE-2020-1752" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-21T19:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-6096", | |
"publishedDate": "2020-04-01T22:15:00Z", | |
"resource": "libc-bin", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function", | |
"vulnerabilityID": "CVE-2020-6096" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-04T20:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3326", | |
"publishedDate": "2021-01-27T20:15:00Z", | |
"resource": "libc-bin", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Assertion failure in ISO-2022-JP-3 gconv module related to combining characters", | |
"vulnerabilityID": "CVE-2021-3326" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-02-12T23:43:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3999", | |
"publishedDate": "2022-08-24T16:15:00Z", | |
"resource": "libc-bin", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Off-by-one buffer overflow/underflow in getcwd()", | |
"vulnerabilityID": "CVE-2021-3999" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-17T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-10228", | |
"publishedDate": "2017-03-02T01:59:00Z", | |
"resource": "libc-bin", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "glibc: iconv program can hang when invoked with the -c option", | |
"vulnerabilityID": "CVE-2016-10228" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-03T19:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-25013", | |
"publishedDate": "2021-01-04T18:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding", | |
"vulnerabilityID": "CVE-2019-25013" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-10T03:31:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10029", | |
"publishedDate": "2020-03-04T15:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions", | |
"vulnerabilityID": "CVE-2020-10029" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-28T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27618", | |
"publishedDate": "2021-02-26T23:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop", | |
"vulnerabilityID": "CVE-2020-27618" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-10-05T16:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4806", | |
"publishedDate": "2023-09-18T17:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "potential use-after-free in getaddrinfo()", | |
"vulnerabilityID": "CVE-2023-4806" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-10-13T01:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4813", | |
"publishedDate": "2023-09-12T22:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "potential use-after-free in gaih_inet()", | |
"vulnerabilityID": "CVE-2023-4813" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2021-09-01T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-4756", | |
"publishedDate": "2011-03-02T20:00:00Z", | |
"resource": "libc-bin", | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", | |
"vulnerabilityID": "CVE-2010-4756" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2019-11-05T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-20796", | |
"publishedDate": "2019-02-26T02:29:00Z", | |
"resource": "libc-bin", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", | |
"vulnerabilityID": "CVE-2018-20796" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2021-06-10T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010022", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc-bin", | |
"score": 9.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: stack guard protection bypass", | |
"vulnerabilityID": "CVE-2019-1010022" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010023", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc-bin", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", | |
"vulnerabilityID": "CVE-2019-1010023" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010024", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: ASLR bypass using cache of thread stack and heap", | |
"vulnerabilityID": "CVE-2019-1010024" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010025", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc-bin", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: information disclosure of heap addresses of pthread_created thread", | |
"vulnerabilityID": "CVE-2019-1010025" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T03:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19126", | |
"publishedDate": "2019-11-19T22:15:00Z", | |
"resource": "libc-bin", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", | |
"vulnerabilityID": "CVE-2019-19126" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9192", | |
"publishedDate": "2019-02-26T18:29:00Z", | |
"resource": "libc-bin", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", | |
"vulnerabilityID": "CVE-2019-9192" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-04T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-27645", | |
"publishedDate": "2021-02-24T15:15:00Z", | |
"resource": "libc-bin", | |
"score": 2.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c", | |
"vulnerabilityID": "CVE-2021-27645" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33574", | |
"publishedDate": "2021-05-25T22:15:00Z", | |
"resource": "libc6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "mq_notify does not handle separately allocated thread attributes", | |
"vulnerabilityID": "CVE-2021-33574" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-35942", | |
"publishedDate": "2021-07-22T18:15:00Z", | |
"resource": "libc6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Arbitrary read in wordexp()", | |
"vulnerabilityID": "CVE-2021-35942" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23218", | |
"publishedDate": "2022-01-14T07:15:00Z", | |
"resource": "libc6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Stack-based buffer overflow in svcunix_create via long pathnames", | |
"vulnerabilityID": "CVE-2022-23218" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T13:32:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23219", | |
"publishedDate": "2022-01-14T07:15:00Z", | |
"resource": "libc6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Stack-based buffer overflow in sunrpc clnt_create via a long pathname", | |
"vulnerabilityID": "CVE-2022-23219" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-01-27T18:34:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1751", | |
"publishedDate": "2020-04-17T19:15:00Z", | |
"resource": "libc6", | |
"score": 7, | |
"severity": "HIGH", | |
"target": "", | |
"title": "glibc: array overflow in backtrace functions for powerpc", | |
"vulnerabilityID": "CVE-2020-1751" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-28T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1752", | |
"publishedDate": "2020-04-30T17:15:00Z", | |
"resource": "libc6", | |
"score": 7, | |
"severity": "HIGH", | |
"target": "", | |
"title": "use-after-free in glob() function when expanding ~user", | |
"vulnerabilityID": "CVE-2020-1752" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-21T19:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-6096", | |
"publishedDate": "2020-04-01T22:15:00Z", | |
"resource": "libc6", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function", | |
"vulnerabilityID": "CVE-2020-6096" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-04T20:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3326", | |
"publishedDate": "2021-01-27T20:15:00Z", | |
"resource": "libc6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Assertion failure in ISO-2022-JP-3 gconv module related to combining characters", | |
"vulnerabilityID": "CVE-2021-3326" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-02-12T23:43:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3999", | |
"publishedDate": "2022-08-24T16:15:00Z", | |
"resource": "libc6", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Off-by-one buffer overflow/underflow in getcwd()", | |
"vulnerabilityID": "CVE-2021-3999" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-17T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-10228", | |
"publishedDate": "2017-03-02T01:59:00Z", | |
"resource": "libc6", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "glibc: iconv program can hang when invoked with the -c option", | |
"vulnerabilityID": "CVE-2016-10228" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-03T19:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-25013", | |
"publishedDate": "2021-01-04T18:15:00Z", | |
"resource": "libc6", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding", | |
"vulnerabilityID": "CVE-2019-25013" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-10T03:31:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10029", | |
"publishedDate": "2020-03-04T15:15:00Z", | |
"resource": "libc6", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions", | |
"vulnerabilityID": "CVE-2020-10029" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-10-28T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27618", | |
"publishedDate": "2021-02-26T23:15:00Z", | |
"resource": "libc6", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop", | |
"vulnerabilityID": "CVE-2020-27618" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-10-05T16:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4806", | |
"publishedDate": "2023-09-18T17:15:00Z", | |
"resource": "libc6", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "potential use-after-free in getaddrinfo()", | |
"vulnerabilityID": "CVE-2023-4806" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2023-10-13T01:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4813", | |
"publishedDate": "2023-09-12T22:15:00Z", | |
"resource": "libc6", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "potential use-after-free in gaih_inet()", | |
"vulnerabilityID": "CVE-2023-4813" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2021-09-01T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-4756", | |
"publishedDate": "2011-03-02T20:00:00Z", | |
"resource": "libc6", | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", | |
"vulnerabilityID": "CVE-2010-4756" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2019-11-05T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-20796", | |
"publishedDate": "2019-02-26T02:29:00Z", | |
"resource": "libc6", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", | |
"vulnerabilityID": "CVE-2018-20796" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2021-06-10T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010022", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc6", | |
"score": 9.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: stack guard protection bypass", | |
"vulnerabilityID": "CVE-2019-1010022" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010023", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc6", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", | |
"vulnerabilityID": "CVE-2019-1010023" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010024", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc6", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: ASLR bypass using cache of thread stack and heap", | |
"vulnerabilityID": "CVE-2019-1010024" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-11-16T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010025", | |
"publishedDate": "2019-07-15T04:15:00Z", | |
"resource": "libc6", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: information disclosure of heap addresses of pthread_created thread", | |
"vulnerabilityID": "CVE-2019-1010025" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-08T03:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19126", | |
"publishedDate": "2019-11-19T22:15:00Z", | |
"resource": "libc6", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries", | |
"vulnerabilityID": "CVE-2019-19126" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9192", | |
"publishedDate": "2019-02-26T18:29:00Z", | |
"resource": "libc6", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", | |
"vulnerabilityID": "CVE-2019-9192" | |
}, | |
{ | |
"fixedVersion": "2.28-10+deb10u2", | |
"installedVersion": "2.28-10", | |
"lastModifiedDate": "2022-11-04T20:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-27645", | |
"publishedDate": "2021-02-24T15:15:00Z", | |
"resource": "libc6", | |
"score": 2.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c", | |
"vulnerabilityID": "CVE-2021-27645" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.44.5-1+deb10u3", | |
"lastModifiedDate": "2023-02-12T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304", | |
"publishedDate": "2022-04-14T21:15:00Z", | |
"resource": "libcom-err2", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "out-of-bounds read/write via crafted filesystem", | |
"vulnerabilityID": "CVE-2022-1304" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.3.28+dfsg1-0.5", | |
"lastModifiedDate": "2021-07-31T08:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-8457", | |
"publishedDate": "2019-05-30T16:29:00Z", | |
"resource": "libdb5.3", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "heap out-of-bound read in function rtreenode()", | |
"vulnerabilityID": "CVE-2019-8457" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T15:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22822", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Integer overflow in addBinding in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22822" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T14:47:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22823", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Integer overflow in build_model in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22823" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T14:47:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22824", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Integer overflow in defineAttribute in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22824" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-29T02:44:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23852", | |
"publishedDate": "2022-01-24T02:15:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Integer overflow in function XML_GetBuffer", | |
"vulnerabilityID": "CVE-2022-23852" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u3", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-07T15:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25235", | |
"publishedDate": "2022-02-16T01:15:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution", | |
"vulnerabilityID": "CVE-2022-25235" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u3", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-07T00:58:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25236", | |
"publishedDate": "2022-02-16T01:15:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "prefix]\" attribute values can lead to arbitrary code execution", | |
"vulnerabilityID": "CVE-2022-25236" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u3", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-05T21:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25315", | |
"publishedDate": "2022-02-18T05:15:00Z", | |
"resource": "libexpat1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Integer overflow in storeRawNames()", | |
"vulnerabilityID": "CVE-2022-25315" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T19:08:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-45960", | |
"publishedDate": "2022-01-01T19:15:00Z", | |
"resource": "libexpat1", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Large number of prefixed XML attributes on a single tag can crash libexpat", | |
"vulnerabilityID": "CVE-2021-45960" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T19:11:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46143", | |
"publishedDate": "2022-01-06T04:15:00Z", | |
"resource": "libexpat1", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow in doProlog in xmlparse.c", | |
"vulnerabilityID": "CVE-2021-46143" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T14:47:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22825", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow in lookup in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22825" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T12:44:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22826", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow in nextScaffoldPart in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22826" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-06T12:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22827", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libexpat1", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow in storeAtts in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-22827" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u2", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-31T17:44:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23990", | |
"publishedDate": "2022-01-26T19:15:00Z", | |
"resource": "libexpat1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow in the doProlog function", | |
"vulnerabilityID": "CVE-2022-23990" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u3", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-10-05T20:59:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25314", | |
"publishedDate": "2022-02-18T05:15:00Z", | |
"resource": "libexpat1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow in copyString()", | |
"vulnerabilityID": "CVE-2022-25314" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u5", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2023-02-01T19:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40674", | |
"publishedDate": "2022-09-14T11:15:00Z", | |
"resource": "libexpat1", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "a use-after-free in the doContent function in xmlparse.c", | |
"vulnerabilityID": "CVE-2022-40674" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u6", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2022-12-02T23:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-43680", | |
"publishedDate": "2022-10-24T14:15:00Z", | |
"resource": "libexpat1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate", | |
"vulnerabilityID": "CVE-2022-43680" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u3", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2023-08-08T14:22:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25313", | |
"publishedDate": "2022-02-18T05:15:00Z", | |
"resource": "libexpat1", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Stack exhaustion in doctype parsing", | |
"vulnerabilityID": "CVE-2022-25313" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "2023-02-13T04:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-0340", | |
"publishedDate": "2014-01-21T18:55:00Z", | |
"resource": "libexpat1", | |
"severity": "LOW", | |
"target": "", | |
"title": "expat: internal entity expansion", | |
"vulnerabilityID": "CVE-2013-0340" | |
}, | |
{ | |
"fixedVersion": "2.2.6-2+deb10u4", | |
"installedVersion": "2.2.6-2+deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "libexpat1", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "expat - regression update", | |
"vulnerabilityID": "DSA-5085-2" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.44.5-1+deb10u3", | |
"lastModifiedDate": "2023-02-12T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304", | |
"publishedDate": "2022-04-14T21:15:00Z", | |
"resource": "libext2fs2", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "out-of-bounds read/write via crafted filesystem", | |
"vulnerabilityID": "CVE-2022-1304" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "libfdisk1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "libfdisk1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "2.9.1-3+deb10u3", | |
"installedVersion": "2.9.1-3+deb10u1", | |
"lastModifiedDate": "2022-07-27T13:44:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27404", | |
"publishedDate": "2022-04-22T14:15:00Z", | |
"resource": "libfreetype6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Buffer overflow in sfnt_init_face", | |
"vulnerabilityID": "CVE-2022-27404" | |
}, | |
{ | |
"fixedVersion": "2.9.1-3+deb10u3", | |
"installedVersion": "2.9.1-3+deb10u1", | |
"lastModifiedDate": "2022-07-27T16:04:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27405", | |
"publishedDate": "2022-04-22T14:15:00Z", | |
"resource": "libfreetype6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Segmentation violation via FNT_Size_Request", | |
"vulnerabilityID": "CVE-2022-27405" | |
}, | |
{ | |
"fixedVersion": "2.9.1-3+deb10u3", | |
"installedVersion": "2.9.1-3+deb10u1", | |
"lastModifiedDate": "2022-07-27T16:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27406", | |
"publishedDate": "2022-04-22T14:15:00Z", | |
"resource": "libfreetype6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Segmentation violation via FT_Request_Size", | |
"vulnerabilityID": "CVE-2022-27406" | |
}, | |
{ | |
"fixedVersion": "2.9.1-3+deb10u2", | |
"installedVersion": "2.9.1-3+deb10u1", | |
"lastModifiedDate": "2022-01-28T17:40:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-15999", | |
"publishedDate": "2020-11-03T03:15:00Z", | |
"resource": "libfreetype6", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png", | |
"vulnerabilityID": "CVE-2020-15999" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.1-3+deb10u1", | |
"lastModifiedDate": "2022-06-10T18:08:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-31782", | |
"publishedDate": "2022-06-02T14:15:00Z", | |
"resource": "libfreetype6", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...", | |
"vulnerabilityID": "CVE-2022-31782" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:8.3.0-6", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886", | |
"publishedDate": "2019-05-22T19:29:00Z", | |
"resource": "libgcc1", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", | |
"vulnerabilityID": "CVE-2018-12886" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:8.3.0-6", | |
"lastModifiedDate": "2020-09-17T13:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847", | |
"publishedDate": "2019-09-02T23:15:00Z", | |
"resource": "libgcc1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", | |
"vulnerabilityID": "CVE-2019-15847" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:8.3.0-6", | |
"lastModifiedDate": "2023-09-14T20:01:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039", | |
"publishedDate": "2023-09-13T09:15:00Z", | |
"resource": "libgcc1", | |
"score": 4.8, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64", | |
"vulnerabilityID": "CVE-2023-4039" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.4-5", | |
"lastModifiedDate": "2022-12-07T01:20:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33560", | |
"publishedDate": "2021-06-08T11:15:00Z", | |
"resource": "libgcrypt20", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm", | |
"vulnerabilityID": "CVE-2021-33560" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.4-5", | |
"lastModifiedDate": "2021-07-21T11:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-13627", | |
"publishedDate": "2019-09-25T15:15:00Z", | |
"resource": "libgcrypt20", | |
"score": 6.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "ECDSA timing attack allowing private key leak", | |
"vulnerabilityID": "CVE-2019-13627" | |
}, | |
{ | |
"fixedVersion": "1.8.4-5+deb10u1", | |
"installedVersion": "1.8.4-5", | |
"lastModifiedDate": "2022-12-07T01:36:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40528", | |
"publishedDate": "2021-09-06T19:15:00Z", | |
"resource": "libgcrypt20", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "ElGamal implementation allows plaintext recovery", | |
"vulnerabilityID": "CVE-2021-40528" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.4-5", | |
"lastModifiedDate": "2020-01-15T20:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-6829", | |
"publishedDate": "2018-02-07T23:29:00Z", | |
"resource": "libgcrypt20", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", | |
"vulnerabilityID": "CVE-2018-6829" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.5-5.2", | |
"lastModifiedDate": "2020-02-27T19:09:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-6363", | |
"publishedDate": "2020-02-27T05:15:00Z", | |
"resource": "libgd3", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap- ...", | |
"vulnerabilityID": "CVE-2017-6363" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.5-5.2", | |
"lastModifiedDate": "2021-08-11T19:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-38115", | |
"publishedDate": "2021-08-04T21:15:00Z", | |
"resource": "libgd3", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...", | |
"vulnerabilityID": "CVE-2021-38115" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.5-5.2", | |
"lastModifiedDate": "2021-09-15T15:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40812", | |
"publishedDate": "2021-09-08T21:15:00Z", | |
"resource": "libgd3", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...", | |
"vulnerabilityID": "CVE-2021-40812" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.5-5.2", | |
"lastModifiedDate": "2021-12-30T22:04:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14553", | |
"publishedDate": "2020-02-11T13:15:00Z", | |
"resource": "libgd3", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "gd: NULL pointer dereference in gdImageClone", | |
"vulnerabilityID": "CVE-2018-14553" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.2.5-5.2", | |
"lastModifiedDate": "2021-09-01T21:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40145", | |
"publishedDate": "2021-08-26T01:15:00Z", | |
"resource": "libgd3", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) throu ...", | |
"vulnerabilityID": "CVE-2021-40145" | |
}, | |
{ | |
"fixedVersion": "2:6.1.2+dfsg-4+deb10u1", | |
"installedVersion": "2:6.1.2+dfsg-4", | |
"lastModifiedDate": "2023-09-29T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-43618", | |
"publishedDate": "2021-11-15T04:15:00Z", | |
"resource": "libgmp10", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Integer overflow and resultant buffer overflow via crafted input", | |
"vulnerabilityID": "CVE-2021-43618" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u7", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2021-06-01T14:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20231", | |
"publishedDate": "2021-03-12T19:15:00Z", | |
"resource": "libgnutls30", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "gnutls: Use after free in client key_share extension", | |
"vulnerabilityID": "CVE-2021-20231" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u7", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2021-05-17T14:30:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20232", | |
"publishedDate": "2021-03-12T19:15:00Z", | |
"resource": "libgnutls30", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c", | |
"vulnerabilityID": "CVE-2021-20232" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u4", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2023-03-01T16:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13777", | |
"publishedDate": "2020-06-04T07:15:00Z", | |
"resource": "libgnutls30", | |
"score": 7.4, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gnutls: session resumption works without master key allowing MITM", | |
"vulnerabilityID": "CVE-2020-13777" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u7", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2023-02-27T15:30:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-24659", | |
"publishedDate": "2020-09-04T15:15:00Z", | |
"resource": "libgnutls30", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent", | |
"vulnerabilityID": "CVE-2020-24659" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u9", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2022-08-19T12:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2509", | |
"publishedDate": "2022-08-01T14:15:00Z", | |
"resource": "libgnutls30", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Double free during gnutls_pkcs7_verify", | |
"vulnerabilityID": "CVE-2022-2509" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u10", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2023-07-25T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0361", | |
"publishedDate": "2023-02-15T18:15:00Z", | |
"resource": "libgnutls30", | |
"score": 7.4, | |
"severity": "HIGH", | |
"target": "", | |
"title": "timing side-channel in the TLS RSA key exchange code", | |
"vulnerabilityID": "CVE-2023-0361" | |
}, | |
{ | |
"fixedVersion": "3.6.7-4+deb10u9", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2022-10-27T16:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4209", | |
"publishedDate": "2022-08-24T16:15:00Z", | |
"resource": "libgnutls30", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Null pointer dereference in MD_UPDATE", | |
"vulnerabilityID": "CVE-2021-4209" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "3.6.7-4+deb10u3", | |
"lastModifiedDate": "2022-11-29T15:56:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3389", | |
"publishedDate": "2011-09-06T19:55:00Z", | |
"resource": "libgnutls30", | |
"severity": "LOW", | |
"target": "", | |
"title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", | |
"vulnerabilityID": "CVE-2011-3389" | |
}, | |
{ | |
"fixedVersion": "3.4.1-1+deb10u1", | |
"installedVersion": "3.4.1-1", | |
"lastModifiedDate": "2021-12-06T13:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20305", | |
"publishedDate": "2021-04-05T22:15:00Z", | |
"resource": "libhogweed4", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "nettle: Out of bounds memory access in signature verification", | |
"vulnerabilityID": "CVE-2021-20305" | |
}, | |
{ | |
"fixedVersion": "3.4.1-1+deb10u1", | |
"installedVersion": "3.4.1-1", | |
"lastModifiedDate": "2021-11-26T21:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3580", | |
"publishedDate": "2021-08-05T21:15:00Z", | |
"resource": "libhogweed4", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Remote crash in RSA decryption via manipulated ciphertext", | |
"vulnerabilityID": "CVE-2021-3580" | |
}, | |
{ | |
"fixedVersion": "63.1-6+deb10u2", | |
"installedVersion": "63.1-6+deb10u1", | |
"lastModifiedDate": "2021-11-29T17:20:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-21913", | |
"publishedDate": "2021-09-20T14:15:00Z", | |
"resource": "libicu63", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp", | |
"vulnerabilityID": "CVE-2020-21913" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.0.5-1+deb10u1", | |
"lastModifiedDate": "2019-10-29T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-12290", | |
"publishedDate": "2019-10-22T16:15:00Z", | |
"resource": "libidn2-0", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...", | |
"vulnerabilityID": "CVE-2019-12290" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.1-3.1+b2", | |
"lastModifiedDate": "2021-02-25T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-9937", | |
"publishedDate": "2017-06-26T12:29:00Z", | |
"resource": "libjbig0", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: memory malloc failure in tif_jbig.c could cause DOS.", | |
"vulnerabilityID": "CVE-2017-9937" | |
}, | |
{ | |
"fixedVersion": "1:1.5.2-2+deb10u1", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2020-10-20T13:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13790", | |
"publishedDate": "2020-06-03T19:15:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "heap-based buffer over-read in get_rgb_row() in rdppm.c", | |
"vulnerabilityID": "CVE-2020-13790" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2022-09-20T17:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35538", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Null pointer dereference in jcopy_sample_rows() function", | |
"vulnerabilityID": "CVE-2020-35538" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2022-08-15T15:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46822", | |
"publishedDate": "2022-06-18T16:15:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c", | |
"vulnerabilityID": "CVE-2021-46822" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2018-07-11T01:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-15232", | |
"publishedDate": "2017-10-11T03:29:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c", | |
"vulnerabilityID": "CVE-2017-15232" | |
}, | |
{ | |
"fixedVersion": "1:1.5.2-2+deb10u1", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2020-07-31T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-1152", | |
"publishedDate": "2018-06-18T14:29:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image", | |
"vulnerabilityID": "CVE-2018-1152" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2020-06-25T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-11813", | |
"publishedDate": "2018-06-06T03:29:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "\"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF", | |
"vulnerabilityID": "CVE-2018-11813" | |
}, | |
{ | |
"fixedVersion": "1:1.5.2-2+deb10u1", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2020-07-31T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14498", | |
"publishedDate": "2019-03-07T23:29:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service", | |
"vulnerabilityID": "CVE-2018-14498" | |
}, | |
{ | |
"fixedVersion": "1:1.5.2-2+deb10u1", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2022-06-02T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-2201", | |
"publishedDate": "2019-11-13T18:15:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images", | |
"vulnerabilityID": "CVE-2019-2201" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.5.2-2+b1", | |
"lastModifiedDate": "2022-11-07T14:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-17541", | |
"publishedDate": "2021-06-01T15:15:00Z", | |
"resource": "libjpeg62-turbo", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "Stack-based buffer overflow in the \"transform\" component", | |
"vulnerabilityID": "CVE-2020-17541" | |
}, | |
{ | |
"fixedVersion": "1.8.3-1+deb10u1", | |
"installedVersion": "1.8.3-1", | |
"lastModifiedDate": "2023-02-12T23:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3520", | |
"publishedDate": "2021-06-02T13:15:00Z", | |
"resource": "liblz4-1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "memory corruption due to an integer overflow bug caused by memmove argument", | |
"vulnerabilityID": "CVE-2021-3520" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.8.3-1", | |
"lastModifiedDate": "2021-07-23T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-17543", | |
"publishedDate": "2019-10-14T02:15:00Z", | |
"resource": "liblz4-1", | |
"score": 8.1, | |
"severity": "LOW", | |
"target": "", | |
"title": "lz4: heap-based buffer overflow in LZ4_write32", | |
"vulnerabilityID": "CVE-2019-17543" | |
}, | |
{ | |
"fixedVersion": "5.2.4-1+deb10u1", | |
"installedVersion": "5.2.4-1", | |
"lastModifiedDate": "2022-10-07T14:14:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1271", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "liblzma5", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "arbitrary-file-write vulnerability", | |
"vulnerabilityID": "CVE-2022-1271" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "libmount1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "libmount1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u3", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2022-11-08T19:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458", | |
"publishedDate": "2022-04-18T21:15:00Z", | |
"resource": "libncursesw6", | |
"score": 7.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "segfaulting OOB read", | |
"vulnerabilityID": "CVE-2022-29458" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-09-09T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491", | |
"publishedDate": "2023-04-14T01:15:00Z", | |
"resource": "libncursesw6", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Local users can trigger security-relevant memory corruption via malformed data", | |
"vulnerabilityID": "CVE-2023-29491" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u4", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-10-20T21:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189", | |
"publishedDate": "2023-08-22T19:16:00Z", | |
"resource": "libncursesw6", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "997", | |
"vulnerabilityID": "CVE-2020-19189" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-04-27T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537", | |
"publishedDate": "2021-09-20T16:15:00Z", | |
"resource": "libncursesw6", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", | |
"vulnerabilityID": "CVE-2021-39537" | |
}, | |
{ | |
"fixedVersion": "3.4.1-1+deb10u1", | |
"installedVersion": "3.4.1-1", | |
"lastModifiedDate": "2021-12-06T13:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20305", | |
"publishedDate": "2021-04-05T22:15:00Z", | |
"resource": "libnettle6", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "nettle: Out of bounds memory access in signature verification", | |
"vulnerabilityID": "CVE-2021-20305" | |
}, | |
{ | |
"fixedVersion": "3.4.1-1+deb10u1", | |
"installedVersion": "3.4.1-1", | |
"lastModifiedDate": "2021-11-26T21:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3580", | |
"publishedDate": "2021-08-05T21:15:00Z", | |
"resource": "libnettle6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Remote crash in RSA decryption via manipulated ciphertext", | |
"vulnerabilityID": "CVE-2021-3580" | |
}, | |
{ | |
"fixedVersion": "0.23.15-2+deb10u1", | |
"installedVersion": "0.23.15-2", | |
"lastModifiedDate": "2022-08-06T03:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29361", | |
"publishedDate": "2020-12-16T14:15:00Z", | |
"resource": "libp11-kit0", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow when allocating memory for arrays or attributes and object identifiers", | |
"vulnerabilityID": "CVE-2020-29361" | |
}, | |
{ | |
"fixedVersion": "0.23.15-2+deb10u1", | |
"installedVersion": "0.23.15-2", | |
"lastModifiedDate": "2022-05-12T14:47:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29363", | |
"publishedDate": "2020-12-16T14:15:00Z", | |
"resource": "libp11-kit0", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c", | |
"vulnerabilityID": "CVE-2020-29363" | |
}, | |
{ | |
"fixedVersion": "0.23.15-2+deb10u1", | |
"installedVersion": "0.23.15-2", | |
"lastModifiedDate": "2021-01-11T16:50:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29362", | |
"publishedDate": "2020-12-16T14:15:00Z", | |
"resource": "libp11-kit0", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c", | |
"vulnerabilityID": "CVE-2020-29362" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2022-12-03T03:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14155", | |
"publishedDate": "2020-06-15T17:15:00Z", | |
"resource": "libpcre3", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "pcre: Integer overflow when parsing callout numeric arguments", | |
"vulnerabilityID": "CVE-2020-14155" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2023-04-12T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-11164", | |
"publishedDate": "2017-07-11T03:29:00Z", | |
"resource": "libpcre3", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "OP_KETRMAX feature in the match function in pcre_exec.c", | |
"vulnerabilityID": "CVE-2017-11164" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2019-04-02T13:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16231", | |
"publishedDate": "2019-03-21T15:59:00Z", | |
"resource": "libpcre3", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service", | |
"vulnerabilityID": "CVE-2017-16231" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2018-08-17T10:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-7245", | |
"publishedDate": "2017-03-23T21:59:00Z", | |
"resource": "libpcre3", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "stack-based buffer overflow write in pcre32_copy_substring", | |
"vulnerabilityID": "CVE-2017-7245" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2018-08-17T10:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-7246", | |
"publishedDate": "2017-03-23T21:59:00Z", | |
"resource": "libpcre3", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "stack-based buffer overflow write in pcre32_copy_substring", | |
"vulnerabilityID": "CVE-2017-7246" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2:8.39-12", | |
"lastModifiedDate": "2021-09-22T14:22:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20838", | |
"publishedDate": "2020-06-15T17:15:00Z", | |
"resource": "libpcre3", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1", | |
"vulnerabilityID": "CVE-2019-20838" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.6.36-6", | |
"lastModifiedDate": "2022-06-27T17:35:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14048", | |
"publishedDate": "2018-07-13T16:29:00Z", | |
"resource": "libpng16-16", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "png_free_data function causing denial of service", | |
"vulnerabilityID": "CVE-2018-14048" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.6.36-6", | |
"lastModifiedDate": "2023-03-01T01:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14550", | |
"publishedDate": "2019-07-10T12:15:00Z", | |
"resource": "libpng16-16", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution", | |
"vulnerabilityID": "CVE-2018-14550" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.6.36-6", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-6129", | |
"publishedDate": "2019-01-11T05:29:00Z", | |
"resource": "libpng16-16", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libpng: memory leak of png_info struct in pngcp.c", | |
"vulnerabilityID": "CVE-2019-6129" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.6.36-6", | |
"lastModifiedDate": "2022-11-08T02:32:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4214", | |
"publishedDate": "2022-08-24T16:15:00Z", | |
"resource": "libpng16-16", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libpng: hardcoded value leads to heap-overflow", | |
"vulnerabilityID": "CVE-2021-4214" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.3.3-4", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9893", | |
"publishedDate": "2019-03-21T16:01:00Z", | |
"resource": "libseccomp2", | |
"score": 9.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libseccomp: incorrect generation of syscall filters in libseccomp", | |
"vulnerabilityID": "CVE-2019-9893" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.8-1", | |
"lastModifiedDate": "2021-11-17T03:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36084", | |
"publishedDate": "2021-07-01T03:15:00Z", | |
"resource": "libsepol1", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "libsepol: use-after-free in __cil_verify_classperms()", | |
"vulnerabilityID": "CVE-2021-36084" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.8-1", | |
"lastModifiedDate": "2021-11-17T03:26:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36085", | |
"publishedDate": "2021-07-01T03:15:00Z", | |
"resource": "libsepol1", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "libsepol: use-after-free in __cil_verify_classperms()", | |
"vulnerabilityID": "CVE-2021-36085" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.8-1", | |
"lastModifiedDate": "2021-11-17T03:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36086", | |
"publishedDate": "2021-07-01T03:15:00Z", | |
"resource": "libsepol1", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "use-after-free in cil_reset_classpermission()", | |
"vulnerabilityID": "CVE-2021-36086" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.8-1", | |
"lastModifiedDate": "2021-11-17T14:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36087", | |
"publishedDate": "2021-07-01T03:15:00Z", | |
"resource": "libsepol1", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "libsepol: heap-based buffer overflow in ebitmap_match_any()", | |
"vulnerabilityID": "CVE-2021-36087" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "libsmartcols1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "libsmartcols1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.44.5-1+deb10u3", | |
"lastModifiedDate": "2023-02-12T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304", | |
"publishedDate": "2022-04-14T21:15:00Z", | |
"resource": "libss2", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "out-of-bounds read/write via crafted filesystem", | |
"vulnerabilityID": "CVE-2022-1304" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u7", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-12-06T21:23:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3711", | |
"publishedDate": "2021-08-24T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "SM2 Decryption Buffer Overflow", | |
"vulnerabilityID": "CVE-2021-3711" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u2", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-02-14T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1292", | |
"publishedDate": "2022-05-03T16:15:00Z", | |
"resource": "libssl1.1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "c_rehash script allows command injection", | |
"vulnerabilityID": "CVE-2022-1292" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u3", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-03-01T16:23:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2068", | |
"publishedDate": "2022-06-21T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "the c_rehash script allows command injection", | |
"vulnerabilityID": "CVE-2022-2068" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-08-29T20:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-23840", | |
"publishedDate": "2021-02-16T17:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow in CipherUpdate", | |
"vulnerabilityID": "CVE-2021-23840" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u7", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-12-06T21:23:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3712", | |
"publishedDate": "2021-08-24T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.4, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Read buffer overruns processing ASN.1 strings", | |
"vulnerabilityID": "CVE-2021-3712" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u8", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-11-09T20:43:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0778", | |
"publishedDate": "2022-03-15T17:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", | |
"vulnerabilityID": "CVE-2022-0778" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-07-19T00:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4450", | |
"publishedDate": "2023-02-08T20:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "double free after calling PEM_read_bio_ex", | |
"vulnerabilityID": "CVE-2022-4450" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-07-19T00:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0215", | |
"publishedDate": "2023-02-08T20:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "use-after-free following BIO_new_NDEF", | |
"vulnerabilityID": "CVE-2023-0215" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-07-19T00:54:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0286", | |
"publishedDate": "2023-02-08T20:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.4, | |
"severity": "HIGH", | |
"target": "", | |
"title": "X.400 address type confusion in X.509 GeneralName", | |
"vulnerabilityID": "CVE-2023-0286" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-06-08T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464", | |
"publishedDate": "2023-03-22T17:15:00Z", | |
"resource": "libssl1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Denial of service by excessive resource usage in verifying X509 policy constraints", | |
"vulnerabilityID": "CVE-2023-0464" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-04-19T15:36:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1551", | |
"publishedDate": "2019-12-06T18:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Integer overflow in RSAZ modular exponentiation on x86_64", | |
"vulnerabilityID": "CVE-2019-1551" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-08-29T20:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1971", | |
"publishedDate": "2020-12-08T16:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "openssl: EDIPARTYNAME NULL pointer de-reference", | |
"vulnerabilityID": "CVE-2020-1971" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-01-09T16:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-23841", | |
"publishedDate": "2021-02-16T17:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", | |
"vulnerabilityID": "CVE-2021-23841" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u6", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-08-29T20:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3449", | |
"publishedDate": "2021-03-25T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "openssl: NULL pointer dereference in signature_algorithms processing", | |
"vulnerabilityID": "CVE-2021-3449" | |
}, | |
{ | |
"fixedVersion": "1.1.1d-0+deb10u8", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-11-09T20:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4160", | |
"publishedDate": "2022-01-28T22:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure", | |
"vulnerabilityID": "CVE-2021-4160" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-08-08T14:22:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2097", | |
"publishedDate": "2022-07-05T11:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "AES OCB fails to encrypt some bytes", | |
"vulnerabilityID": "CVE-2022-2097" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u4", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-08-08T14:22:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4304", | |
"publishedDate": "2023-02-08T20:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "timing attack in RSA Decryption implementation", | |
"vulnerabilityID": "CVE-2022-4304" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-06-08T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0465", | |
"publishedDate": "2023-03-28T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Invalid certificate policies in leaf certificates are silently ignored", | |
"vulnerabilityID": "CVE-2023-0465" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-09-28T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0466", | |
"publishedDate": "2023-03-28T15:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Certificate policy check not enabled", | |
"vulnerabilityID": "CVE-2023-0466" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u5", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-08-29T18:04:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-2650", | |
"publishedDate": "2023-05-30T14:15:00Z", | |
"resource": "libssl1.1", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Possible DoS translating ASN.1 object identifiers", | |
"vulnerabilityID": "CVE-2023-2650" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u6", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-10-03T15:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3446", | |
"publishedDate": "2023-07-19T12:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Excessive time spent checking DH keys and parameters", | |
"vulnerabilityID": "CVE-2023-3446" | |
}, | |
{ | |
"fixedVersion": "1.1.1n-0+deb10u6", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2023-09-23T00:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3817", | |
"publishedDate": "2023-07-31T16:15:00Z", | |
"resource": "libssl1.1", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Excessive time spent checking DH q parameter value", | |
"vulnerabilityID": "CVE-2023-3817" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2022-11-01T14:44:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-6755", | |
"publishedDate": "2013-10-11T22:55:00Z", | |
"resource": "libssl1.1", | |
"severity": "LOW", | |
"target": "", | |
"title": "Dual_EC_DRBG: weak pseudo random number generator", | |
"vulnerabilityID": "CVE-2007-6755" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.1.1d-0+deb10u3", | |
"lastModifiedDate": "2017-08-17T01:32:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-0928", | |
"publishedDate": "2010-03-05T19:30:00Z", | |
"resource": "libssl1.1", | |
"severity": "LOW", | |
"target": "", | |
"title": "openssl: RSA authentication weakness", | |
"vulnerabilityID": "CVE-2010-0928" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2020-08-24T17:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886", | |
"publishedDate": "2019-05-22T19:29:00Z", | |
"resource": "libstdc++6", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass", | |
"vulnerabilityID": "CVE-2018-12886" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2020-09-17T13:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847", | |
"publishedDate": "2019-09-02T23:15:00Z", | |
"resource": "libstdc++6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output", | |
"vulnerabilityID": "CVE-2019-15847" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "8.3.0-6", | |
"lastModifiedDate": "2023-09-14T20:01:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039", | |
"publishedDate": "2023-09-13T09:15:00Z", | |
"resource": "libstdc++6", | |
"score": 4.8, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64", | |
"vulnerabilityID": "CVE-2023-4039" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T18:53:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3843", | |
"publishedDate": "2019-04-26T21:29:00Z", | |
"resource": "libsystemd0", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: services with DynamicUser can create SUID/SGID binaries", | |
"vulnerabilityID": "CVE-2019-3843" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T18:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3844", | |
"publishedDate": "2019-04-26T21:29:00Z", | |
"resource": "libsystemd0", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", | |
"vulnerabilityID": "CVE-2019-3844" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u4", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-11-29T16:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1712", | |
"publishedDate": "2020-03-31T17:15:00Z", | |
"resource": "libsystemd0", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: use-after-free when asynchronous polkit queries are performed", | |
"vulnerabilityID": "CVE-2020-1712" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u9", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-08-11T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26604", | |
"publishedDate": "2023-03-03T16:15:00Z", | |
"resource": "libsystemd0", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "privilege escalation via the less pager", | |
"vulnerabilityID": "CVE-2023-26604" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u8", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-06-14T11:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33910", | |
"publishedDate": "2021-07-20T19:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", | |
"vulnerabilityID": "CVE-2021-33910" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-05-03T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3997", | |
"publishedDate": "2022-08-23T20:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Uncontrolled recursion in systemd-tmpfiles when removing files", | |
"vulnerabilityID": "CVE-2021-3997" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u10", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-29T23:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3821", | |
"publishedDate": "2022-11-08T22:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "buffer overrun in format_timespan() function", | |
"vulnerabilityID": "CVE-2022-3821" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-02-02T16:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4415", | |
"publishedDate": "2023-01-11T15:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", | |
"vulnerabilityID": "CVE-2022-4415" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T17:49:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4392", | |
"publishedDate": "2013-10-28T22:55:00Z", | |
"resource": "libsystemd0", | |
"severity": "LOW", | |
"target": "", | |
"title": "TOCTOU race condition when updating file permissions and SELinux security contexts", | |
"vulnerabilityID": "CVE-2013-4392" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-28T21:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20386", | |
"publishedDate": "2020-01-21T06:15:00Z", | |
"resource": "libsystemd0", | |
"score": 2.4, | |
"severity": "LOW", | |
"target": "", | |
"title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received", | |
"vulnerabilityID": "CVE-2019-20386" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-10-07T02:59:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13529", | |
"publishedDate": "2021-05-10T16:15:00Z", | |
"resource": "libsystemd0", | |
"score": 6.1, | |
"severity": "LOW", | |
"target": "", | |
"title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured", | |
"vulnerabilityID": "CVE-2020-13529" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31437", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", | |
"vulnerabilityID": "CVE-2023-31437" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31438", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", | |
"vulnerabilityID": "CVE-2023-31438" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31439", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libsystemd0", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can modify the con ...", | |
"vulnerabilityID": "CVE-2023-31439" | |
}, | |
{ | |
"fixedVersion": "4.13-3+deb10u1", | |
"installedVersion": "4.13-3", | |
"lastModifiedDate": "2023-08-08T14:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46848", | |
"publishedDate": "2022-10-24T14:15:00Z", | |
"resource": "libtasn1-6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "Out-of-bound access in ETYPE_OK", | |
"vulnerabilityID": "CVE-2021-46848" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.13-3", | |
"lastModifiedDate": "2021-02-25T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-1000654", | |
"publishedDate": "2018-08-20T19:31:00Z", | |
"resource": "libtasn1-6", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion", | |
"vulnerabilityID": "CVE-2018-1000654" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u2", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-07-30T03:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35523", | |
"publishedDate": "2021-03-09T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libtiff: Integer overflow in tif_getimage.c", | |
"vulnerabilityID": "CVE-2020-35523" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u2", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-07-30T03:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35524", | |
"publishedDate": "2021-03-09T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libtiff: Heap-based buffer overflow in TIFF2PDF tool", | |
"vulnerabilityID": "CVE-2020-35524" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-02T17:33:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0891", | |
"publishedDate": "2022-03-10T17:44:00Z", | |
"resource": "libtiff5", | |
"score": 7.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libtiff: heap buffer overflow in extractImageSection", | |
"vulnerabilityID": "CVE-2022-0891" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-09-06T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3970", | |
"publishedDate": "2022-11-13T08:15:00Z", | |
"resource": "libtiff5", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow in function TIFFReadRGBATileExt of the file", | |
"vulnerabilityID": "CVE-2022-3970" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-06-23T16:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25434", | |
"publishedDate": "2023-06-14T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "heap-buffer overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-25434" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u3", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2021-11-30T19:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19143", | |
"publishedDate": "2021-09-09T15:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c", | |
"vulnerabilityID": "CVE-2020-19143" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-16T19:12:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0561", | |
"publishedDate": "2022-02-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: Denial of Service via crafted TIFF file", | |
"vulnerabilityID": "CVE-2022-0561" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-16T19:13:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0562", | |
"publishedDate": "2022-02-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: Null source pointer lead to Denial of Service via crafted TIFF file", | |
"vulnerabilityID": "CVE-2022-0562" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-22T17:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0865", | |
"publishedDate": "2022-03-10T17:44:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: reachable assertion", | |
"vulnerabilityID": "CVE-2022-0865" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-08T14:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0907", | |
"publishedDate": "2022-03-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "tiff: NULL Pointer Dereference in tiffcrop", | |
"vulnerabilityID": "CVE-2022-0907" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-07T20:37:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0908", | |
"publishedDate": "2022-03-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c", | |
"vulnerabilityID": "CVE-2022-0908" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-07T20:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0909", | |
"publishedDate": "2022-03-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "tiff: Divide By Zero error in tiffcrop", | |
"vulnerabilityID": "CVE-2022-0909" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-16T19:24:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0924", | |
"publishedDate": "2022-03-11T18:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: Out-of-bounds Read error in tiffcp", | |
"vulnerabilityID": "CVE-2022-0924" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:50:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1354", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c", | |
"vulnerabilityID": "CVE-2022-1354" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1355", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.1, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "stack-buffer-overflow in tiffcp.c in main()", | |
"vulnerabilityID": "CVE-2022-1355" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2056", | |
"publishedDate": "2022-06-30T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "division by zero issues in tiffcrop", | |
"vulnerabilityID": "CVE-2022-2056" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2057", | |
"publishedDate": "2022-06-30T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "division by zero issues in tiffcrop", | |
"vulnerabilityID": "CVE-2022-2057" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:56:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2058", | |
"publishedDate": "2022-06-30T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "division by zero issues in tiffcrop", | |
"vulnerabilityID": "CVE-2022-2058" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u4", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-11-16T19:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22844", | |
"publishedDate": "2022-01-10T14:12:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in _TIFFmemcpy() in tif_unix.c", | |
"vulnerabilityID": "CVE-2022-22844" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:49:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2867", | |
"publishedDate": "2022-08-17T22:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "uint32_t underflow leads to out of bounds read and write in tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-2867" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-07-21T16:38:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2868", | |
"publishedDate": "2022-08-17T22:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()", | |
"vulnerabilityID": "CVE-2022-2868" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:49:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2869", | |
"publishedDate": "2022-08-17T22:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()", | |
"vulnerabilityID": "CVE-2022-2869" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-09T01:58:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-34526", | |
"publishedDate": "2022-07-29T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit", | |
"vulnerabilityID": "CVE-2022-34526" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T16:02:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3570", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "heap Buffer overflows in tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-3570" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T16:04:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3597", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix", | |
"vulnerabilityID": "CVE-2022-3597" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-03-31T16:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3598", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-3598" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T16:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3599", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in writeSingleSection in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-3599" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-03-31T16:06:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3626", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c", | |
"vulnerabilityID": "CVE-2022-3626" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T16:07:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3627", | |
"publishedDate": "2022-10-21T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c", | |
"vulnerabilityID": "CVE-2022-3627" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-26T02:13:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40090", | |
"publishedDate": "2023-08-22T19:16:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "infinite loop via a crafted TIFF file", | |
"vulnerabilityID": "CVE-2022-40090" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-03-31T11:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4645", | |
"publishedDate": "2023-03-03T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in tiffcp in tools/tiffcp.c", | |
"vulnerabilityID": "CVE-2022-4645" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u6", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48281", | |
"publishedDate": "2023-01-23T03:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-48281" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0795", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0795" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0796", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0796" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0797", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0797" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0798", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0798" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0799", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0799" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0800", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0800" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0801", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0801" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0802", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0802" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-05-30T06:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0803", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0803" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-09-01T06:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0804", | |
"publishedDate": "2023-02-13T23:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-0804" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-01T02:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25433", | |
"publishedDate": "2023-06-29T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Buffer Overflow via /libtiff/tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-25433" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u7", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-06-28T18:51:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25435", | |
"publishedDate": "2023-06-21T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-25435" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-01T02:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26965", | |
"publishedDate": "2023-06-14T21:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-26965" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-01T02:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26966", | |
"publishedDate": "2023-06-29T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Buffer Overflow in uv_encode()", | |
"vulnerabilityID": "CVE-2023-26966" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-02T15:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-2908", | |
"publishedDate": "2023-06-30T22:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "null pointer dereference in tif_dir.c", | |
"vulnerabilityID": "CVE-2023-2908" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-06-16T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30086", | |
"publishedDate": "2023-05-09T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Heap buffer overflow in tiffcp() at tiffcp.c", | |
"vulnerabilityID": "CVE-2023-30086" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u5", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-07-03T16:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30774", | |
"publishedDate": "2023-05-19T15:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value", | |
"vulnerabilityID": "CVE-2023-30774" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-01T02:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3316", | |
"publishedDate": "2023-06-19T12:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "null pointer dereference in TIFFClose()", | |
"vulnerabilityID": "CVE-2023-3316" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-10-10T13:09:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3576", | |
"publishedDate": "2023-10-04T19:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "memory leak in tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-3576" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-08-24T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3618", | |
"publishedDate": "2023-07-12T15:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "segmentation fault in Fax3Encode in libtiff/tif_fax3.c", | |
"vulnerabilityID": "CVE-2023-3618" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-10-10T14:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-40745", | |
"publishedDate": "2023-10-05T19:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "integer overflow in tiffcp.c", | |
"vulnerabilityID": "CVE-2023-40745" | |
}, | |
{ | |
"fixedVersion": "4.1.0+git191117-2~deb10u8", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-10-10T14:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-41175", | |
"publishedDate": "2023-10-05T19:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "potential integer overflow in raw2tiff.c", | |
"vulnerabilityID": "CVE-2023-41175" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2019-10-03T00:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16232", | |
"publishedDate": "2019-03-21T15:59:00Z", | |
"resource": "libtiff5", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c", | |
"vulnerabilityID": "CVE-2017-16232" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2018-02-12T02:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-17973", | |
"publishedDate": "2017-12-29T21:29:00Z", | |
"resource": "libtiff5", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc", | |
"vulnerabilityID": "CVE-2017-17973" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2019-10-03T00:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-5563", | |
"publishedDate": "2017-01-23T07:59:00Z", | |
"resource": "libtiff5", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c", | |
"vulnerabilityID": "CVE-2017-5563" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2019-10-03T00:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-9117", | |
"publishedDate": "2017-05-21T19:29:00Z", | |
"resource": "libtiff5", | |
"score": 9.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: Heap-based buffer over-read in bmp2tiff", | |
"vulnerabilityID": "CVE-2017-9117" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2021-03-15T22:31:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-10126", | |
"publishedDate": "2018-04-21T21:29:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c", | |
"vulnerabilityID": "CVE-2018-10126" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-07-30T03:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35521", | |
"publishedDate": "2021-03-09T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: Memory allocation failure in tiff2rgba", | |
"vulnerabilityID": "CVE-2020-35521" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2022-07-30T03:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35522", | |
"publishedDate": "2021-03-09T20:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libtiff: Memory allocation failure in tiff2rgba", | |
"vulnerabilityID": "CVE-2020-35522" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-22T17:35:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1056", | |
"publishedDate": "2022-03-28T19:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c", | |
"vulnerabilityID": "CVE-2022-1056" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-07-24T13:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1210", | |
"publishedDate": "2022-04-03T09:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "tiff: Malicious file leads to a denial of service in TIFF File Handler", | |
"vulnerabilityID": "CVE-2022-1210" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2519", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Double free or corruption in rotateImage() function at tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-2519" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-28T15:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2520", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Assertion fail in rotateImage() function at tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-2520" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T15:59:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2521", | |
"publishedDate": "2022-08-31T16:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Invalid pointer free operation in TIFFClose() at tif_close.c", | |
"vulnerabilityID": "CVE-2022-2521" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-02-23T16:01:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2953", | |
"publishedDate": "2022-08-29T15:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-buffer-overflow in extractImageSection in tiffcrop.c", | |
"vulnerabilityID": "CVE-2022-2953" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-04-18T15:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-1916", | |
"publishedDate": "2023-04-10T22:15:00Z", | |
"resource": "libtiff5", | |
"score": 6.1, | |
"severity": "LOW", | |
"target": "", | |
"title": "out-of-bounds read in extractImageSection() in tools/tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-1916" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "2023-07-03T16:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30775", | |
"publishedDate": "2023-05-19T15:15:00Z", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Heap buffer overflow in extractContigSamples32bits, tiffcrop.c", | |
"vulnerabilityID": "CVE-2023-30775" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "4.1.0+git191117-2~deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3164", | |
"publishedDate": "", | |
"resource": "libtiff5", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-buffer-overflow in extractImageSection()", | |
"vulnerabilityID": "CVE-2023-3164" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u3", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2022-11-08T19:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458", | |
"publishedDate": "2022-04-18T21:15:00Z", | |
"resource": "libtinfo6", | |
"score": 7.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "segfaulting OOB read", | |
"vulnerabilityID": "CVE-2022-29458" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-09-09T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491", | |
"publishedDate": "2023-04-14T01:15:00Z", | |
"resource": "libtinfo6", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Local users can trigger security-relevant memory corruption via malformed data", | |
"vulnerabilityID": "CVE-2023-29491" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u4", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-10-20T21:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189", | |
"publishedDate": "2023-08-22T19:16:00Z", | |
"resource": "libtinfo6", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "997", | |
"vulnerabilityID": "CVE-2020-19189" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-04-27T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537", | |
"publishedDate": "2021-09-20T16:15:00Z", | |
"resource": "libtinfo6", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", | |
"vulnerabilityID": "CVE-2021-39537" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T18:53:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3843", | |
"publishedDate": "2019-04-26T21:29:00Z", | |
"resource": "libudev1", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: services with DynamicUser can create SUID/SGID binaries", | |
"vulnerabilityID": "CVE-2019-3843" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T18:52:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3844", | |
"publishedDate": "2019-04-26T21:29:00Z", | |
"resource": "libudev1", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: services with DynamicUser can get new privileges and create SGID binaries", | |
"vulnerabilityID": "CVE-2019-3844" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u4", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-11-29T16:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1712", | |
"publishedDate": "2020-03-31T17:15:00Z", | |
"resource": "libudev1", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "systemd: use-after-free when asynchronous polkit queries are performed", | |
"vulnerabilityID": "CVE-2020-1712" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u9", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-08-11T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26604", | |
"publishedDate": "2023-03-03T16:15:00Z", | |
"resource": "libudev1", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "privilege escalation via the less pager", | |
"vulnerabilityID": "CVE-2023-26604" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u8", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-06-14T11:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33910", | |
"publishedDate": "2021-07-20T19:15:00Z", | |
"resource": "libudev1", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", | |
"vulnerabilityID": "CVE-2021-33910" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-05-03T12:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3997", | |
"publishedDate": "2022-08-23T20:15:00Z", | |
"resource": "libudev1", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Uncontrolled recursion in systemd-tmpfiles when removing files", | |
"vulnerabilityID": "CVE-2021-3997" | |
}, | |
{ | |
"fixedVersion": "241-7~deb10u10", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-29T23:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3821", | |
"publishedDate": "2022-11-08T22:15:00Z", | |
"resource": "libudev1", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "buffer overrun in format_timespan() function", | |
"vulnerabilityID": "CVE-2022-3821" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-02-02T16:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4415", | |
"publishedDate": "2023-01-11T15:15:00Z", | |
"resource": "libudev1", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting", | |
"vulnerabilityID": "CVE-2022-4415" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-31T17:49:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4392", | |
"publishedDate": "2013-10-28T22:55:00Z", | |
"resource": "libudev1", | |
"severity": "LOW", | |
"target": "", | |
"title": "TOCTOU race condition when updating file permissions and SELinux security contexts", | |
"vulnerabilityID": "CVE-2013-4392" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-01-28T21:27:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20386", | |
"publishedDate": "2020-01-21T06:15:00Z", | |
"resource": "libudev1", | |
"score": 2.4, | |
"severity": "LOW", | |
"target": "", | |
"title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received", | |
"vulnerabilityID": "CVE-2019-20386" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2022-10-07T02:59:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13529", | |
"publishedDate": "2021-05-10T16:15:00Z", | |
"resource": "libudev1", | |
"score": 6.1, | |
"severity": "LOW", | |
"target": "", | |
"title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured", | |
"vulnerabilityID": "CVE-2020-13529" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31437", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libudev1", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can modify a seale ...", | |
"vulnerabilityID": "CVE-2023-31437" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31438", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libudev1", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", | |
"vulnerabilityID": "CVE-2023-31438" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "241-7~deb10u3", | |
"lastModifiedDate": "2023-06-23T19:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31439", | |
"publishedDate": "2023-06-13T17:15:00Z", | |
"resource": "libudev1", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "An issue was discovered in systemd 253. An attacker can modify the con ...", | |
"vulnerabilityID": "CVE-2023-31439" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "libuuid1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "libuuid1", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-17T03:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25009", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal", | |
"vulnerabilityID": "CVE-2018-25009" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-10T17:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25010", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in ApplyFilter()", | |
"vulnerabilityID": "CVE-2018-25010" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-10T17:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25011", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: heap-based buffer overflow in PutLE16()", | |
"vulnerabilityID": "CVE-2018-25011" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-28T15:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25012", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal()", | |
"vulnerabilityID": "CVE-2018-25012" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-09T02:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25013", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in ShiftBytes()", | |
"vulnerabilityID": "CVE-2018-25013" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-02-09T02:24:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25014", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: use of uninitialized value in ReadSymbol()", | |
"vulnerabilityID": "CVE-2018-25014" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-01-09T16:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36328", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", | |
"vulnerabilityID": "CVE-2020-36328" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-01-09T16:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36329", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", | |
"vulnerabilityID": "CVE-2020-36329" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2021-11-30T19:43:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36330", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c", | |
"vulnerabilityID": "CVE-2020-36330" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-01-09T16:41:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36331", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 9.1, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c", | |
"vulnerabilityID": "CVE-2020-36331" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u1", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2022-09-20T19:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36332", | |
"publishedDate": "2021-05-21T17:15:00Z", | |
"resource": "libwebp6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libwebp: excessive memory allocation when reading a file", | |
"vulnerabilityID": "CVE-2020-36332" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u2", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-09-17T09:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-1999", | |
"publishedDate": "2023-06-20T12:15:00Z", | |
"resource": "libwebp6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Double-free in libwebp", | |
"vulnerabilityID": "CVE-2023-1999" | |
}, | |
{ | |
"fixedVersion": "0.6.1-2+deb10u3", | |
"installedVersion": "0.6.1-2", | |
"lastModifiedDate": "2023-10-02T02:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4863", | |
"publishedDate": "2023-09-12T15:15:00Z", | |
"resource": "libwebp6", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Heap buffer overflow in WebP Codec", | |
"vulnerabilityID": "CVE-2023-4863" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u2", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2021-09-23T12:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-31535", | |
"publishedDate": "2021-05-27T13:15:00Z", | |
"resource": "libx11-6", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "missing request length checks", | |
"vulnerabilityID": "CVE-2021-31535" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u1", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2021-11-04T16:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14363", | |
"publishedDate": "2020-09-11T18:15:00Z", | |
"resource": "libx11-6", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libX11: integer overflow leads to double free in locale handling", | |
"vulnerabilityID": "CVE-2020-14363" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u3", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-07-07T13:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3138", | |
"publishedDate": "2023-06-28T21:15:00Z", | |
"resource": "libx11-6", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", | |
"vulnerabilityID": "CVE-2023-3138" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-13T13:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43787", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-6", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow in XCreateImage() leading to a heap overflow", | |
"vulnerabilityID": "CVE-2023-43787" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u1", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2022-11-29T02:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14344", | |
"publishedDate": "2020-08-05T14:15:00Z", | |
"resource": "libx11-6", | |
"score": 6.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libX11: Heap overflow in the X input method client", | |
"vulnerabilityID": "CVE-2020-14344" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-12T19:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43785", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-6", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds memory access in _XkbReadKeySyms()", | |
"vulnerabilityID": "CVE-2023-43785" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-13T13:26:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43786", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-6", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "stack exhaustion from infinite recursion in PutSubImage()", | |
"vulnerabilityID": "CVE-2023-43786" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u2", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2021-09-23T12:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-31535", | |
"publishedDate": "2021-05-27T13:15:00Z", | |
"resource": "libx11-data", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "missing request length checks", | |
"vulnerabilityID": "CVE-2021-31535" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u1", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2021-11-04T16:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14363", | |
"publishedDate": "2020-09-11T18:15:00Z", | |
"resource": "libx11-data", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libX11: integer overflow leads to double free in locale handling", | |
"vulnerabilityID": "CVE-2020-14363" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u3", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-07-07T13:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3138", | |
"publishedDate": "2023-06-28T21:15:00Z", | |
"resource": "libx11-data", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", | |
"vulnerabilityID": "CVE-2023-3138" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-13T13:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43787", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-data", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflow in XCreateImage() leading to a heap overflow", | |
"vulnerabilityID": "CVE-2023-43787" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u1", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2022-11-29T02:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14344", | |
"publishedDate": "2020-08-05T14:15:00Z", | |
"resource": "libx11-data", | |
"score": 6.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libX11: Heap overflow in the X input method client", | |
"vulnerabilityID": "CVE-2020-14344" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-12T19:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43785", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-data", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out-of-bounds memory access in _XkbReadKeySyms()", | |
"vulnerabilityID": "CVE-2023-43785" | |
}, | |
{ | |
"fixedVersion": "2:1.6.7-1+deb10u4", | |
"installedVersion": "2:1.6.7-1", | |
"lastModifiedDate": "2023-10-13T13:26:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43786", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libx11-data", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "stack exhaustion from infinite recursion in PutSubImage()", | |
"vulnerabilityID": "CVE-2023-43786" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-04-08T23:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16932", | |
"publishedDate": "2017-11-23T21:29:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: Infinite recursion in parameter entities", | |
"vulnerabilityID": "CVE-2017-16932" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2021-07-21T11:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19956", | |
"publishedDate": "2019-12-24T16:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c", | |
"vulnerabilityID": "CVE-2019-19956" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-07-25T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20388", | |
"publishedDate": "2020-01-21T23:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c", | |
"vulnerabilityID": "CVE-2019-20388" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-07-25T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-7595", | |
"publishedDate": "2020-01-21T23:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "infinite loop in xmlStringLenDecodeEntities in some end-of-file situations", | |
"vulnerabilityID": "CVE-2020-7595" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-03-01T15:11:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3516", | |
"publishedDate": "2021-06-01T14:15:00Z", | |
"resource": "libxml2", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", | |
"vulnerabilityID": "CVE-2021-3516" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-10-05T02:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3517", | |
"publishedDate": "2021-05-19T14:15:00Z", | |
"resource": "libxml2", | |
"score": 8.6, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", | |
"vulnerabilityID": "CVE-2021-3517" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-10-05T02:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3518", | |
"publishedDate": "2021-05-18T12:15:00Z", | |
"resource": "libxml2", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", | |
"vulnerabilityID": "CVE-2021-3518" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-10-28T18:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2309", | |
"publishedDate": "2022-07-05T10:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "lxml: NULL Pointer Dereference in lxml", | |
"vulnerabilityID": "CVE-2022-2309" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u3", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-11-02T13:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23308", | |
"publishedDate": "2022-02-26T05:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Use-after-free of ID and IDREF attributes", | |
"vulnerabilityID": "CVE-2022-23308" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u5", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-01-11T17:29:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40303", | |
"publishedDate": "2022-11-23T00:15:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "integer overflows with XML_PARSE_HUGE", | |
"vulnerabilityID": "CVE-2022-40303" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u5", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-08-08T14:22:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40304", | |
"publishedDate": "2022-11-23T18:15:00Z", | |
"resource": "libxml2", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "dict corruption caused by entity reference cycles", | |
"vulnerabilityID": "CVE-2022-40304" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-12-07T16:39:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-3709", | |
"publishedDate": "2022-07-28T17:15:00Z", | |
"resource": "libxml2", | |
"score": 6.1, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Incorrect server side include parsing can lead to XSS", | |
"vulnerabilityID": "CVE-2016-3709" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-04-08T23:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-9318", | |
"publishedDate": "2016-11-16T00:59:00Z", | |
"resource": "libxml2", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libxml2: XML External Entity vulnerability", | |
"vulnerabilityID": "CVE-2016-9318" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2020-09-10T01:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14567", | |
"publishedDate": "2018-08-16T20:29:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", | |
"vulnerabilityID": "CVE-2018-14567" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-02-28T15:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3537", | |
"publishedDate": "2021-05-14T20:15:00Z", | |
"resource": "libxml2", | |
"score": 5.9, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "NULL pointer dereference when post-validating mixed content parsed in recovery mode", | |
"vulnerabilityID": "CVE-2021-3537" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-03-01T18:25:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3541", | |
"publishedDate": "2021-07-09T17:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", | |
"vulnerabilityID": "CVE-2021-3541" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u4", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-01-11T17:33:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29824", | |
"publishedDate": "2022-05-03T03:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write", | |
"vulnerabilityID": "CVE-2022-29824" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u6", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-06-01T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-28484", | |
"publishedDate": "2023-04-24T21:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "NULL dereference in xmlSchemaFixupComplexType", | |
"vulnerabilityID": "CVE-2023-28484" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u6", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-06-01T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29469", | |
"publishedDate": "2023-04-24T21:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Hashing of empty dict strings isn't deterministic", | |
"vulnerabilityID": "CVE-2023-29469" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-09-06T17:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-39615", | |
"publishedDate": "2023-08-29T17:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "crafted xml can cause global buffer overflow", | |
"vulnerabilityID": "CVE-2023-39615" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2023-10-11T18:13:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-45322", | |
"publishedDate": "2023-10-06T22:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "use-after-free in xmlUnlinkNode() in tree.c", | |
"vulnerabilityID": "CVE-2023-45322" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2020-09-10T01:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-18258", | |
"publishedDate": "2018-04-08T17:29:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Unrestricted memory usage in xz_head() function in xzlib.c", | |
"vulnerabilityID": "CVE-2017-18258" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u1", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2020-09-10T01:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14404", | |
"publishedDate": "2018-07-19T13:29:00Z", | |
"resource": "libxml2", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c", | |
"vulnerabilityID": "CVE-2018-14404" | |
}, | |
{ | |
"fixedVersion": "2.9.4+dfsg1-7+deb10u2", | |
"installedVersion": "2.9.4+dfsg1-7+b3", | |
"lastModifiedDate": "2022-07-25T18:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-24977", | |
"publishedDate": "2020-09-04T00:15:00Z", | |
"resource": "libxml2", | |
"score": 6.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c", | |
"vulnerabilityID": "CVE-2020-24977" | |
}, | |
{ | |
"fixedVersion": "1:3.5.12-1+deb10u1", | |
"installedVersion": "1:3.5.12-1", | |
"lastModifiedDate": "2023-10-17T15:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-44617", | |
"publishedDate": "2023-02-06T23:15:00Z", | |
"resource": "libxpm4", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libXpm: Runaway loop on width of 0 and enormous height", | |
"vulnerabilityID": "CVE-2022-44617" | |
}, | |
{ | |
"fixedVersion": "1:3.5.12-1+deb10u1", | |
"installedVersion": "1:3.5.12-1", | |
"lastModifiedDate": "2023-10-17T15:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-46285", | |
"publishedDate": "2023-02-07T19:15:00Z", | |
"resource": "libxpm4", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libXpm: Infinite loop on unclosed comments", | |
"vulnerabilityID": "CVE-2022-46285" | |
}, | |
{ | |
"fixedVersion": "1:3.5.12-1+deb10u1", | |
"installedVersion": "1:3.5.12-1", | |
"lastModifiedDate": "2023-10-17T15:55:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4883", | |
"publishedDate": "2023-02-07T19:15:00Z", | |
"resource": "libxpm4", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "libXpm: compression commands depend on $PATH", | |
"vulnerabilityID": "CVE-2022-4883" | |
}, | |
{ | |
"fixedVersion": "1:3.5.12-1+deb10u2", | |
"installedVersion": "1:3.5.12-1", | |
"lastModifiedDate": "2023-10-15T04:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43788", | |
"publishedDate": "2023-10-10T13:15:00Z", | |
"resource": "libxpm4", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out of bounds read in XpmCreateXpmImageFromBuffer()", | |
"vulnerabilityID": "CVE-2023-43788" | |
}, | |
{ | |
"fixedVersion": "1:3.5.12-1+deb10u2", | |
"installedVersion": "1:3.5.12-1", | |
"lastModifiedDate": "2023-10-17T18:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43789", | |
"publishedDate": "2023-10-12T12:15:00Z", | |
"resource": "libxpm4", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "out of bounds read on XPM with corrupted colormap", | |
"vulnerabilityID": "CVE-2023-43789" | |
}, | |
{ | |
"fixedVersion": "1.1.32-2.2~deb10u2", | |
"installedVersion": "1.1.32-2.2~deb10u1", | |
"lastModifiedDate": "2022-10-27T19:47:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-5815", | |
"publishedDate": "2019-12-11T01:15:00Z", | |
"resource": "libxslt1.1", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "chromium-browser: Heap buffer overflow in Blink", | |
"vulnerabilityID": "CVE-2019-5815" | |
}, | |
{ | |
"fixedVersion": "1.1.32-2.2~deb10u2", | |
"installedVersion": "1.1.32-2.2~deb10u1", | |
"lastModifiedDate": "2022-10-27T20:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-30560", | |
"publishedDate": "2021-08-03T19:15:00Z", | |
"resource": "libxslt1.1", | |
"score": 8.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...", | |
"vulnerabilityID": "CVE-2021-30560" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.1.32-2.2~deb10u1", | |
"lastModifiedDate": "2017-04-11T19:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2015-9019", | |
"publishedDate": "2017-04-05T21:59:00Z", | |
"resource": "libxslt1.1", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "libxslt: math.random() in xslt uses unseeded randomness", | |
"vulnerabilityID": "CVE-2015-9019" | |
}, | |
{ | |
"fixedVersion": "1.3.8+dfsg-3+deb10u1", | |
"installedVersion": "1.3.8+dfsg-3", | |
"lastModifiedDate": "2021-04-14T15:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-24031", | |
"publishedDate": "2021-03-04T21:15:00Z", | |
"resource": "libzstd1", | |
"score": 5.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "adds read permissions to files while being compressed or uncompressed", | |
"vulnerabilityID": "CVE-2021-24031" | |
}, | |
{ | |
"fixedVersion": "1.3.8+dfsg-3+deb10u2", | |
"installedVersion": "1.3.8+dfsg-3", | |
"lastModifiedDate": "2021-04-28T20:04:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-24032", | |
"publishedDate": "2021-03-04T21:15:00Z", | |
"resource": "libzstd1", | |
"score": 4.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "Race condition allows attacker to access world-readable destination file", | |
"vulnerabilityID": "CVE-2021-24032" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4641", | |
"publishedDate": "", | |
"resource": "login", | |
"score": 4.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "possible password leak during passwd(1) change", | |
"vulnerabilityID": "CVE-2023-4641" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2018-10-15T21:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-5686", | |
"publishedDate": "2007-10-28T17:08:00Z", | |
"resource": "login", | |
"severity": "LOW", | |
"target": "", | |
"title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", | |
"vulnerabilityID": "CVE-2007-5686" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2023-02-13T00:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4235", | |
"publishedDate": "2019-12-03T15:15:00Z", | |
"resource": "login", | |
"score": 4.7, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", | |
"vulnerabilityID": "CVE-2013-4235" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2019-10-03T00:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-7169", | |
"publishedDate": "2018-02-15T20:29:00Z", | |
"resource": "login", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", | |
"vulnerabilityID": "CVE-2018-7169" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2020-08-25T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19882", | |
"publishedDate": "2019-12-18T16:15:00Z", | |
"resource": "login", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", | |
"vulnerabilityID": "CVE-2019-19882" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2023-04-24T18:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29383", | |
"publishedDate": "2023-04-14T22:15:00Z", | |
"resource": "login", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "Improper input validation in shadow-utils package utility chfn", | |
"vulnerabilityID": "CVE-2023-29383" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "mount", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "mount", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u3", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2022-11-08T19:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458", | |
"publishedDate": "2022-04-18T21:15:00Z", | |
"resource": "ncurses-base", | |
"score": 7.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "segfaulting OOB read", | |
"vulnerabilityID": "CVE-2022-29458" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-09-09T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491", | |
"publishedDate": "2023-04-14T01:15:00Z", | |
"resource": "ncurses-base", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Local users can trigger security-relevant memory corruption via malformed data", | |
"vulnerabilityID": "CVE-2023-29491" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u4", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-10-20T21:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189", | |
"publishedDate": "2023-08-22T19:16:00Z", | |
"resource": "ncurses-base", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "997", | |
"vulnerabilityID": "CVE-2020-19189" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-04-27T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537", | |
"publishedDate": "2021-09-20T16:15:00Z", | |
"resource": "ncurses-base", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", | |
"vulnerabilityID": "CVE-2021-39537" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u3", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2022-11-08T19:46:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458", | |
"publishedDate": "2022-04-18T21:15:00Z", | |
"resource": "ncurses-bin", | |
"score": 7.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "segfaulting OOB read", | |
"vulnerabilityID": "CVE-2022-29458" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-09-09T22:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491", | |
"publishedDate": "2023-04-14T01:15:00Z", | |
"resource": "ncurses-bin", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Local users can trigger security-relevant memory corruption via malformed data", | |
"vulnerabilityID": "CVE-2023-29491" | |
}, | |
{ | |
"fixedVersion": "6.1+20181013-2+deb10u4", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-10-20T21:21:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189", | |
"publishedDate": "2023-08-22T19:16:00Z", | |
"resource": "ncurses-bin", | |
"score": 6.5, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "997", | |
"vulnerabilityID": "CVE-2020-19189" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "6.1+20181013-2+deb10u2", | |
"lastModifiedDate": "2023-04-27T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537", | |
"publishedDate": "2021-09-20T16:15:00Z", | |
"resource": "ncurses-bin", | |
"score": 8.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c", | |
"vulnerabilityID": "CVE-2021-39537" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.16.1-1~buster", | |
"lastModifiedDate": "2021-06-03T19:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36309", | |
"publishedDate": "2021-04-06T19:15:00Z", | |
"resource": "nginx", | |
"score": 5.3, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...", | |
"vulnerabilityID": "CVE-2020-36309" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.16.1-1~buster", | |
"lastModifiedDate": "2021-11-10T15:51:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2009-4487", | |
"publishedDate": "2010-01-13T20:30:00Z", | |
"resource": "nginx", | |
"severity": "LOW", | |
"target": "", | |
"title": "nginx: Absent sanitation of escape sequences in web server log", | |
"vulnerabilityID": "CVE-2009-4487" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.16.1-1~buster", | |
"lastModifiedDate": "2021-11-10T15:57:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-0337", | |
"publishedDate": "2013-10-27T00:55:00Z", | |
"resource": "nginx", | |
"severity": "LOW", | |
"target": "", | |
"title": "The default configuration of nginx, possibly 1.3.13 and earlier, uses ...", | |
"vulnerabilityID": "CVE-2013-0337" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.16.1-1~buster", | |
"lastModifiedDate": "2023-10-20T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-44487", | |
"publishedDate": "2023-10-10T14:15:00Z", | |
"resource": "nginx", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", | |
"vulnerabilityID": "CVE-2023-44487" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4641", | |
"publishedDate": "", | |
"resource": "passwd", | |
"score": 4.7, | |
"severity": "MEDIUM", | |
"target": "", | |
"title": "possible password leak during passwd(1) change", | |
"vulnerabilityID": "CVE-2023-4641" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2018-10-15T21:45:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-5686", | |
"publishedDate": "2007-10-28T17:08:00Z", | |
"resource": "passwd", | |
"severity": "LOW", | |
"target": "", | |
"title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", | |
"vulnerabilityID": "CVE-2007-5686" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2023-02-13T00:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4235", | |
"publishedDate": "2019-12-03T15:15:00Z", | |
"resource": "passwd", | |
"score": 4.7, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees", | |
"vulnerabilityID": "CVE-2013-4235" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2019-10-03T00:03:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-7169", | |
"publishedDate": "2018-02-15T20:29:00Z", | |
"resource": "passwd", | |
"score": 5.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation", | |
"vulnerabilityID": "CVE-2018-7169" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2020-08-25T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19882", | |
"publishedDate": "2019-12-18T16:15:00Z", | |
"resource": "passwd", | |
"score": 7.8, | |
"severity": "LOW", | |
"target": "", | |
"title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured", | |
"vulnerabilityID": "CVE-2019-19882" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:4.5-1.1", | |
"lastModifiedDate": "2023-04-24T18:05:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29383", | |
"publishedDate": "2023-04-14T22:15:00Z", | |
"resource": "passwd", | |
"score": 3.3, | |
"severity": "LOW", | |
"target": "", | |
"title": "Improper input validation in shadow-utils package utility chfn", | |
"vulnerabilityID": "CVE-2023-29383" | |
}, | |
{ | |
"fixedVersion": "5.28.1-6+deb10u1", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2022-05-12T15:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10543", | |
"publishedDate": "2020-06-05T14:15:00Z", | |
"resource": "perl-base", | |
"score": 8.2, | |
"severity": "HIGH", | |
"target": "", | |
"title": "heap-based buffer overflow in regular expression compiler leads to DoS", | |
"vulnerabilityID": "CVE-2020-10543" | |
}, | |
{ | |
"fixedVersion": "5.28.1-6+deb10u1", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2022-05-12T15:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10878", | |
"publishedDate": "2020-06-05T14:15:00Z", | |
"resource": "perl-base", | |
"score": 8.6, | |
"severity": "HIGH", | |
"target": "", | |
"title": "corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS", | |
"vulnerabilityID": "CVE-2020-10878" | |
}, | |
{ | |
"fixedVersion": "5.28.1-6+deb10u1", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2022-05-12T15:00:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-12723", | |
"publishedDate": "2020-06-05T15:15:00Z", | |
"resource": "perl-base", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS", | |
"vulnerabilityID": "CVE-2020-12723" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2022-04-01T13:26:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-16156", | |
"publishedDate": "2021-12-13T18:15:00Z", | |
"resource": "perl-base", | |
"score": 7.8, | |
"severity": "HIGH", | |
"target": "", | |
"title": "Bypass of verification of signatures in CHECKSUMS files", | |
"vulnerabilityID": "CVE-2020-16156" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2023-08-02T15:28:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31484", | |
"publishedDate": "2023-04-29T00:15:00Z", | |
"resource": "perl-base", | |
"score": 8.1, | |
"severity": "HIGH", | |
"target": "", | |
"title": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS", | |
"vulnerabilityID": "CVE-2023-31484" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2020-02-05T22:10:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-4116", | |
"publishedDate": "2020-01-31T18:15:00Z", | |
"resource": "perl-base", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "perl: File::Temp insecure temporary file handling", | |
"vulnerabilityID": "CVE-2011-4116" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "5.28.1-6", | |
"lastModifiedDate": "2023-06-21T18:19:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31486", | |
"publishedDate": "2023-04-29T00:15:00Z", | |
"resource": "perl-base", | |
"score": 8.1, | |
"severity": "LOW", | |
"target": "", | |
"title": "insecure TLS cert default", | |
"vulnerabilityID": "CVE-2023-31486" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.30+dfsg-6", | |
"lastModifiedDate": "2021-06-18T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2005-2541", | |
"publishedDate": "2005-08-10T04:00:00Z", | |
"resource": "tar", | |
"score": 7, | |
"severity": "LOW", | |
"target": "", | |
"title": "tar: does not properly warn the user when extracting setuid or setgid files", | |
"vulnerabilityID": "CVE-2005-2541" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.30+dfsg-6", | |
"lastModifiedDate": "2021-06-29T15:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9923", | |
"publishedDate": "2019-03-22T08:29:00Z", | |
"resource": "tar", | |
"score": 7.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "tar: null-pointer dereference in pax_decode_header in sparse.c", | |
"vulnerabilityID": "CVE-2019-9923" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.30+dfsg-6", | |
"lastModifiedDate": "2021-06-03T18:53:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20193", | |
"publishedDate": "2021-03-26T17:15:00Z", | |
"resource": "tar", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "tar: Memory leak in read_header() in list.c", | |
"vulnerabilityID": "CVE-2021-20193" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1.30+dfsg-6", | |
"lastModifiedDate": "2023-05-30T17:16:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48303", | |
"publishedDate": "2023-01-30T04:15:00Z", | |
"resource": "tar", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "heap buffer overflow at from_header() in list.c via specially crafted checksum", | |
"vulnerabilityID": "CVE-2022-48303" | |
}, | |
{ | |
"fixedVersion": "2021a-0+deb10u7", | |
"installedVersion": "2019c-0+deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "tzdata", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "tzdata - new timezone database", | |
"vulnerabilityID": "DLA-3134-1" | |
}, | |
{ | |
"fixedVersion": "2021a-0+deb10u8", | |
"installedVersion": "2019c-0+deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "tzdata", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "tzdata - new timezone database", | |
"vulnerabilityID": "DLA-3161-1" | |
}, | |
{ | |
"fixedVersion": "2021a-0+deb10u10", | |
"installedVersion": "2019c-0+deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "tzdata", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "tzdata - new timezone database", | |
"vulnerabilityID": "DLA-3366-1" | |
}, | |
{ | |
"fixedVersion": "2021a-0+deb10u11", | |
"installedVersion": "2019c-0+deb10u1", | |
"lastModifiedDate": "", | |
"links": [], | |
"publishedDate": "", | |
"resource": "tzdata", | |
"severity": "UNKNOWN", | |
"target": "", | |
"title": "tzdata - new timezone database", | |
"vulnerabilityID": "DLA-3412-1" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2021-10-18T12:18:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600", | |
"publishedDate": "2021-07-30T14:15:00Z", | |
"resource": "util-linux", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c", | |
"vulnerabilityID": "CVE-2021-37600" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "2.33.1-0.1", | |
"lastModifiedDate": "2022-06-03T14:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563", | |
"publishedDate": "2022-02-21T19:15:00Z", | |
"resource": "util-linux", | |
"score": 5.5, | |
"severity": "LOW", | |
"target": "", | |
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", | |
"vulnerabilityID": "CVE-2022-0563" | |
}, | |
{ | |
"fixedVersion": "1:1.2.11.dfsg-1+deb10u2", | |
"installedVersion": "1:1.2.11.dfsg-1", | |
"lastModifiedDate": "2023-07-19T00:56:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-37434", | |
"publishedDate": "2022-08-05T07:15:00Z", | |
"resource": "zlib1g", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field", | |
"vulnerabilityID": "CVE-2022-37434" | |
}, | |
{ | |
"fixedVersion": "", | |
"installedVersion": "1:1.2.11.dfsg-1", | |
"lastModifiedDate": "2023-10-20T21:15:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-45853", | |
"publishedDate": "2023-10-14T02:15:00Z", | |
"resource": "zlib1g", | |
"score": 9.8, | |
"severity": "CRITICAL", | |
"target": "", | |
"title": "integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", | |
"vulnerabilityID": "CVE-2023-45853" | |
}, | |
{ | |
"fixedVersion": "1:1.2.11.dfsg-1+deb10u1", | |
"installedVersion": "1:1.2.11.dfsg-1", | |
"lastModifiedDate": "2023-08-04T18:48:00Z", | |
"links": [], | |
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25032", | |
"publishedDate": "2022-03-25T09:15:00Z", | |
"resource": "zlib1g", | |
"score": 7.5, | |
"severity": "HIGH", | |
"target": "", | |
"title": "A flaw found in zlib when compressing (not decompressing) certain inputs", | |
"vulnerabilityID": "CVE-2018-25032" | |
} | |
] | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment