Skip to content

Instantly share code, notes, and snippets.

@shaikkhajaibrahim

shaikkhajaibrahim/Nginx Vulnerabiliites

Created October 22, 2023 09:24
Show Gist options
  • Save shaikkhajaibrahim/a58c8e1aefac4014a24956bcbd808346 to your computer and use it in GitHub Desktop.
Save shaikkhajaibrahim/a58c8e1aefac4014a24956bcbd808346 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Nginx Vulnerabiliites
{
"apiVersion": "aquasecurity.github.io/v1alpha1",
"kind": "VulnerabilityReport",
"metadata": {
"annotations": {
"trivy-operator.aquasecurity.github.io/report-ttl": "24h0m0s"
},
"creationTimestamp": "2023-10-22T09:06:22Z",
"generation": 1,
"labels": {
"resource-spec-hash": "75787f75b5",
"trivy-operator.container.name": "nginx",
"trivy-operator.resource.kind": "ReplicaSet",
"trivy-operator.resource.name": "nginx-85bfcd86d5",
"trivy-operator.resource.namespace": "default"
},
"name": "replicaset-nginx-85bfcd86d5-nginx",
"namespace": "default",
"ownerReferences": [
{
"apiVersion": "apps/v1",
"blockOwnerDeletion": false,
"controller": true,
"kind": "ReplicaSet",
"name": "nginx-85bfcd86d5",
"uid": "db06c0ec-86f5-4754-9432-ee31a241eb25"
}
],
"resourceVersion": "2392",
"uid": "81483733-34cd-4792-99cb-4e79aa430a4d"
},
"report": {
"artifact": {
"digest": "sha256:dfcfd8e9a5d38fb82bc8f9c299beba2df2232b7712b62875d5238cead7a5831c",
"repository": "library/nginx",
"tag": "1.16"
},
"registry": {
"server": "index.docker.io"
},
"scanner": {
"name": "Trivy",
"vendor": "Aqua Security",
"version": "0.45.1"
},
"summary": {
"criticalCount": 40,
"highCount": 107,
"lowCount": 129,
"mediumCount": 128,
"noneCount": 0,
"unknownCount": 7
},
"updateTimestamp": "2023-10-22T09:06:22Z",
"vulnerabilities": [
{
"fixedVersion": "1.8.2.2",
"installedVersion": "1.8.2",
"lastModifiedDate": "2022-10-29T02:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27350",
"publishedDate": "2020-12-10T04:15:00Z",
"resource": "apt",
"score": 5.7,
"severity": "MEDIUM",
"target": "",
"title": "apt: integer overflows and underflows while parsing .deb packages",
"vulnerabilityID": "CVE-2020-27350"
},
{
"fixedVersion": "1.8.2.1",
"installedVersion": "1.8.2",
"lastModifiedDate": "2022-04-27T14:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-3810",
"publishedDate": "2020-05-15T14:15:00Z",
"resource": "apt",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Missing input validation in the ar/tar implementations of APT before v ...",
"vulnerabilityID": "CVE-2020-3810"
},
{
"fixedVersion": "",
"installedVersion": "1.8.2",
"lastModifiedDate": "2021-02-09T16:08:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3374",
"publishedDate": "2019-11-26T00:15:00Z",
"resource": "apt",
"score": 3.7,
"severity": "LOW",
"target": "",
"title": "It was found that apt-key in apt, all versions, do not correctly valid ...",
"vulnerabilityID": "CVE-2011-3374"
},
{
"fixedVersion": "",
"installedVersion": "5.0-4",
"lastModifiedDate": "2022-06-07T18:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-18276",
"publishedDate": "2019-11-28T01:15:00Z",
"resource": "bash",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "when effective UID is not equal to its real UID the saved UID is not dropped",
"vulnerabilityID": "CVE-2019-18276"
},
{
"fixedVersion": "",
"installedVersion": "1:2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "bsdutils",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "1:2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "bsdutils",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "",
"installedVersion": "8.30-3",
"lastModifiedDate": "2021-02-25T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-2781",
"publishedDate": "2017-02-07T15:59:00Z",
"resource": "coreutils",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "coreutils: Non-privileged session can escape to the parent session in chroot",
"vulnerabilityID": "CVE-2016-2781"
},
{
"fixedVersion": "",
"installedVersion": "8.30-3",
"lastModifiedDate": "2018-01-19T15:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-18018",
"publishedDate": "2018-01-04T04:29:00Z",
"resource": "coreutils",
"score": 4.7,
"severity": "LOW",
"target": "",
"title": "coreutils: race condition vulnerability in chown and chgrp",
"vulnerabilityID": "CVE-2017-18018"
},
{
"fixedVersion": "2019.1+deb10u2",
"installedVersion": "2019.1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "debian-archive-keyring",
"severity": "UNKNOWN",
"target": "",
"title": "debian-archive-keyring - security update",
"vulnerabilityID": "DLA-3482-1"
},
{
"fixedVersion": "1.19.8",
"installedVersion": "1.19.7",
"lastModifiedDate": "2022-12-03T02:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1664",
"publishedDate": "2022-05-26T14:15:00Z",
"resource": "dpkg",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Dpkg::Source::Archive in dpkg, the Debian package management system, b ...",
"vulnerabilityID": "CVE-2022-1664"
},
{
"fixedVersion": "",
"installedVersion": "1.44.5-1+deb10u3",
"lastModifiedDate": "2023-02-12T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304",
"publishedDate": "2022-04-14T21:15:00Z",
"resource": "e2fsprogs",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "out-of-bounds read/write via crafted filesystem",
"vulnerabilityID": "CVE-2022-1304"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "fdisk",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "fdisk",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886",
"publishedDate": "2019-05-22T19:29:00Z",
"resource": "gcc-8-base",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass",
"vulnerabilityID": "CVE-2018-12886"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2020-09-17T13:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847",
"publishedDate": "2019-09-02T23:15:00Z",
"resource": "gcc-8-base",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output",
"vulnerabilityID": "CVE-2019-15847"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2023-09-14T20:01:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039",
"publishedDate": "2023-09-13T09:15:00Z",
"resource": "gcc-8-base",
"score": 4.8,
"severity": "MEDIUM",
"target": "",
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64",
"vulnerabilityID": "CVE-2023-4039"
},
{
"fixedVersion": "2.2.12-1+deb10u2",
"installedVersion": "2.2.12-1+deb10u1",
"lastModifiedDate": "2022-09-09T20:40:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-34903",
"publishedDate": "2022-07-01T22:15:00Z",
"resource": "gpgv",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "Signature spoofing via status line injection",
"vulnerabilityID": "CVE-2022-34903"
},
{
"fixedVersion": "",
"installedVersion": "2.2.12-1+deb10u1",
"lastModifiedDate": "2022-11-08T02:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-14855",
"publishedDate": "2020-03-20T16:15:00Z",
"resource": "gpgv",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "gnupg2: OpenPGP Key Certification Forgeries with SHA-1",
"vulnerabilityID": "CVE-2019-14855"
},
{
"fixedVersion": "",
"installedVersion": "2.2.12-1+deb10u1",
"lastModifiedDate": "2023-05-26T16:31:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3219",
"publishedDate": "2023-02-23T20:15:00Z",
"resource": "gpgv",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "denial of service issue (resource consumption) using compressed packets",
"vulnerabilityID": "CVE-2022-3219"
},
{
"fixedVersion": "1.9-3+deb10u1",
"installedVersion": "1.9-3",
"lastModifiedDate": "2022-10-07T14:14:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1271",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "gzip",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "arbitrary-file-write vulnerability",
"vulnerabilityID": "CVE-2022-1271"
},
{
"fixedVersion": "1.8.2.2",
"installedVersion": "1.8.2",
"lastModifiedDate": "2022-10-29T02:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27350",
"publishedDate": "2020-12-10T04:15:00Z",
"resource": "libapt-pkg5.0",
"score": 5.7,
"severity": "MEDIUM",
"target": "",
"title": "apt: integer overflows and underflows while parsing .deb packages",
"vulnerabilityID": "CVE-2020-27350"
},
{
"fixedVersion": "1.8.2.1",
"installedVersion": "1.8.2",
"lastModifiedDate": "2022-04-27T14:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-3810",
"publishedDate": "2020-05-15T14:15:00Z",
"resource": "libapt-pkg5.0",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Missing input validation in the ar/tar implementations of APT before v ...",
"vulnerabilityID": "CVE-2020-3810"
},
{
"fixedVersion": "",
"installedVersion": "1.8.2",
"lastModifiedDate": "2021-02-09T16:08:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3374",
"publishedDate": "2019-11-26T00:15:00Z",
"resource": "libapt-pkg5.0",
"score": 3.7,
"severity": "LOW",
"target": "",
"title": "It was found that apt-key in apt, all versions, do not correctly valid ...",
"vulnerabilityID": "CVE-2011-3374"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "libblkid1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "libblkid1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "0.9.1-2+deb10u1",
"installedVersion": "0.9.1-2",
"lastModifiedDate": "2021-04-01T13:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20367",
"publishedDate": "2020-01-08T17:15:00Z",
"resource": "libbsd0",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...",
"vulnerabilityID": "CVE-2019-20367"
},
{
"fixedVersion": "1.0.6-9.2~deb10u2",
"installedVersion": "1.0.6-9.2~deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "libbz2-1.0",
"severity": "UNKNOWN",
"target": "",
"title": "bzip2 - bugfix update",
"vulnerabilityID": "DLA-3112-1"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33574",
"publishedDate": "2021-05-25T22:15:00Z",
"resource": "libc-bin",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "mq_notify does not handle separately allocated thread attributes",
"vulnerabilityID": "CVE-2021-33574"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-35942",
"publishedDate": "2021-07-22T18:15:00Z",
"resource": "libc-bin",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "Arbitrary read in wordexp()",
"vulnerabilityID": "CVE-2021-35942"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23218",
"publishedDate": "2022-01-14T07:15:00Z",
"resource": "libc-bin",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Stack-based buffer overflow in svcunix_create via long pathnames",
"vulnerabilityID": "CVE-2022-23218"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:32:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23219",
"publishedDate": "2022-01-14T07:15:00Z",
"resource": "libc-bin",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Stack-based buffer overflow in sunrpc clnt_create via a long pathname",
"vulnerabilityID": "CVE-2022-23219"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-01-27T18:34:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1751",
"publishedDate": "2020-04-17T19:15:00Z",
"resource": "libc-bin",
"score": 7,
"severity": "HIGH",
"target": "",
"title": "glibc: array overflow in backtrace functions for powerpc",
"vulnerabilityID": "CVE-2020-1751"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-28T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1752",
"publishedDate": "2020-04-30T17:15:00Z",
"resource": "libc-bin",
"score": 7,
"severity": "HIGH",
"target": "",
"title": "use-after-free in glob() function when expanding ~user",
"vulnerabilityID": "CVE-2020-1752"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-21T19:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-6096",
"publishedDate": "2020-04-01T22:15:00Z",
"resource": "libc-bin",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
"vulnerabilityID": "CVE-2020-6096"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-04T20:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3326",
"publishedDate": "2021-01-27T20:15:00Z",
"resource": "libc-bin",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Assertion failure in ISO-2022-JP-3 gconv module related to combining characters",
"vulnerabilityID": "CVE-2021-3326"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-02-12T23:43:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3999",
"publishedDate": "2022-08-24T16:15:00Z",
"resource": "libc-bin",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Off-by-one buffer overflow/underflow in getcwd()",
"vulnerabilityID": "CVE-2021-3999"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-17T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-10228",
"publishedDate": "2017-03-02T01:59:00Z",
"resource": "libc-bin",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "glibc: iconv program can hang when invoked with the -c option",
"vulnerabilityID": "CVE-2016-10228"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-03T19:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-25013",
"publishedDate": "2021-01-04T18:15:00Z",
"resource": "libc-bin",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
"vulnerabilityID": "CVE-2019-25013"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-10T03:31:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10029",
"publishedDate": "2020-03-04T15:15:00Z",
"resource": "libc-bin",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions",
"vulnerabilityID": "CVE-2020-10029"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-28T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27618",
"publishedDate": "2021-02-26T23:15:00Z",
"resource": "libc-bin",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
"vulnerabilityID": "CVE-2020-27618"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-10-05T16:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4806",
"publishedDate": "2023-09-18T17:15:00Z",
"resource": "libc-bin",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "potential use-after-free in getaddrinfo()",
"vulnerabilityID": "CVE-2023-4806"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-10-13T01:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4813",
"publishedDate": "2023-09-12T22:15:00Z",
"resource": "libc-bin",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "potential use-after-free in gaih_inet()",
"vulnerabilityID": "CVE-2023-4813"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2021-09-01T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-4756",
"publishedDate": "2011-03-02T20:00:00Z",
"resource": "libc-bin",
"severity": "LOW",
"target": "",
"title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions",
"vulnerabilityID": "CVE-2010-4756"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2019-11-05T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-20796",
"publishedDate": "2019-02-26T02:29:00Z",
"resource": "libc-bin",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
"vulnerabilityID": "CVE-2018-20796"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2021-06-10T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010022",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc-bin",
"score": 9.8,
"severity": "LOW",
"target": "",
"title": "glibc: stack guard protection bypass",
"vulnerabilityID": "CVE-2019-1010022"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010023",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc-bin",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation",
"vulnerabilityID": "CVE-2019-1010023"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010024",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc-bin",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "glibc: ASLR bypass using cache of thread stack and heap",
"vulnerabilityID": "CVE-2019-1010024"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010025",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc-bin",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "glibc: information disclosure of heap addresses of pthread_created thread",
"vulnerabilityID": "CVE-2019-1010025"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T03:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19126",
"publishedDate": "2019-11-19T22:15:00Z",
"resource": "libc-bin",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries",
"vulnerabilityID": "CVE-2019-19126"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9192",
"publishedDate": "2019-02-26T18:29:00Z",
"resource": "libc-bin",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
"vulnerabilityID": "CVE-2019-9192"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-04T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-27645",
"publishedDate": "2021-02-24T15:15:00Z",
"resource": "libc-bin",
"score": 2.5,
"severity": "LOW",
"target": "",
"title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
"vulnerabilityID": "CVE-2021-27645"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33574",
"publishedDate": "2021-05-25T22:15:00Z",
"resource": "libc6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "mq_notify does not handle separately allocated thread attributes",
"vulnerabilityID": "CVE-2021-33574"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-35942",
"publishedDate": "2021-07-22T18:15:00Z",
"resource": "libc6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "Arbitrary read in wordexp()",
"vulnerabilityID": "CVE-2021-35942"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23218",
"publishedDate": "2022-01-14T07:15:00Z",
"resource": "libc6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Stack-based buffer overflow in svcunix_create via long pathnames",
"vulnerabilityID": "CVE-2022-23218"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T13:32:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23219",
"publishedDate": "2022-01-14T07:15:00Z",
"resource": "libc6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Stack-based buffer overflow in sunrpc clnt_create via a long pathname",
"vulnerabilityID": "CVE-2022-23219"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-01-27T18:34:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1751",
"publishedDate": "2020-04-17T19:15:00Z",
"resource": "libc6",
"score": 7,
"severity": "HIGH",
"target": "",
"title": "glibc: array overflow in backtrace functions for powerpc",
"vulnerabilityID": "CVE-2020-1751"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-28T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1752",
"publishedDate": "2020-04-30T17:15:00Z",
"resource": "libc6",
"score": 7,
"severity": "HIGH",
"target": "",
"title": "use-after-free in glob() function when expanding ~user",
"vulnerabilityID": "CVE-2020-1752"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-21T19:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-6096",
"publishedDate": "2020-04-01T22:15:00Z",
"resource": "libc6",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
"vulnerabilityID": "CVE-2020-6096"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-04T20:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3326",
"publishedDate": "2021-01-27T20:15:00Z",
"resource": "libc6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Assertion failure in ISO-2022-JP-3 gconv module related to combining characters",
"vulnerabilityID": "CVE-2021-3326"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-02-12T23:43:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3999",
"publishedDate": "2022-08-24T16:15:00Z",
"resource": "libc6",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Off-by-one buffer overflow/underflow in getcwd()",
"vulnerabilityID": "CVE-2021-3999"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-17T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-10228",
"publishedDate": "2017-03-02T01:59:00Z",
"resource": "libc6",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "glibc: iconv program can hang when invoked with the -c option",
"vulnerabilityID": "CVE-2016-10228"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-03T19:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-25013",
"publishedDate": "2021-01-04T18:15:00Z",
"resource": "libc6",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
"vulnerabilityID": "CVE-2019-25013"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-10T03:31:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10029",
"publishedDate": "2020-03-04T15:15:00Z",
"resource": "libc6",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions",
"vulnerabilityID": "CVE-2020-10029"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-10-28T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-27618",
"publishedDate": "2021-02-26T23:15:00Z",
"resource": "libc6",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
"vulnerabilityID": "CVE-2020-27618"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-10-05T16:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4806",
"publishedDate": "2023-09-18T17:15:00Z",
"resource": "libc6",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "potential use-after-free in getaddrinfo()",
"vulnerabilityID": "CVE-2023-4806"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2023-10-13T01:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4813",
"publishedDate": "2023-09-12T22:15:00Z",
"resource": "libc6",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "potential use-after-free in gaih_inet()",
"vulnerabilityID": "CVE-2023-4813"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2021-09-01T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-4756",
"publishedDate": "2011-03-02T20:00:00Z",
"resource": "libc6",
"severity": "LOW",
"target": "",
"title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions",
"vulnerabilityID": "CVE-2010-4756"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2019-11-05T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-20796",
"publishedDate": "2019-02-26T02:29:00Z",
"resource": "libc6",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
"vulnerabilityID": "CVE-2018-20796"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2021-06-10T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010022",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc6",
"score": 9.8,
"severity": "LOW",
"target": "",
"title": "glibc: stack guard protection bypass",
"vulnerabilityID": "CVE-2019-1010022"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010023",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc6",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation",
"vulnerabilityID": "CVE-2019-1010023"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010024",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc6",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "glibc: ASLR bypass using cache of thread stack and heap",
"vulnerabilityID": "CVE-2019-1010024"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-11-16T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1010025",
"publishedDate": "2019-07-15T04:15:00Z",
"resource": "libc6",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "glibc: information disclosure of heap addresses of pthread_created thread",
"vulnerabilityID": "CVE-2019-1010025"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-08T03:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19126",
"publishedDate": "2019-11-19T22:15:00Z",
"resource": "libc6",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries",
"vulnerabilityID": "CVE-2019-19126"
},
{
"fixedVersion": "",
"installedVersion": "2.28-10",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9192",
"publishedDate": "2019-02-26T18:29:00Z",
"resource": "libc6",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
"vulnerabilityID": "CVE-2019-9192"
},
{
"fixedVersion": "2.28-10+deb10u2",
"installedVersion": "2.28-10",
"lastModifiedDate": "2022-11-04T20:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-27645",
"publishedDate": "2021-02-24T15:15:00Z",
"resource": "libc6",
"score": 2.5,
"severity": "LOW",
"target": "",
"title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
"vulnerabilityID": "CVE-2021-27645"
},
{
"fixedVersion": "",
"installedVersion": "1.44.5-1+deb10u3",
"lastModifiedDate": "2023-02-12T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304",
"publishedDate": "2022-04-14T21:15:00Z",
"resource": "libcom-err2",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "out-of-bounds read/write via crafted filesystem",
"vulnerabilityID": "CVE-2022-1304"
},
{
"fixedVersion": "",
"installedVersion": "5.3.28+dfsg1-0.5",
"lastModifiedDate": "2021-07-31T08:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-8457",
"publishedDate": "2019-05-30T16:29:00Z",
"resource": "libdb5.3",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "heap out-of-bound read in function rtreenode()",
"vulnerabilityID": "CVE-2019-8457"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T15:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22822",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Integer overflow in addBinding in xmlparse.c",
"vulnerabilityID": "CVE-2022-22822"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T14:47:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22823",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Integer overflow in build_model in xmlparse.c",
"vulnerabilityID": "CVE-2022-22823"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T14:47:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22824",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Integer overflow in defineAttribute in xmlparse.c",
"vulnerabilityID": "CVE-2022-22824"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-29T02:44:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23852",
"publishedDate": "2022-01-24T02:15:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Integer overflow in function XML_GetBuffer",
"vulnerabilityID": "CVE-2022-23852"
},
{
"fixedVersion": "2.2.6-2+deb10u3",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-07T15:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25235",
"publishedDate": "2022-02-16T01:15:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"vulnerabilityID": "CVE-2022-25235"
},
{
"fixedVersion": "2.2.6-2+deb10u3",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-07T00:58:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25236",
"publishedDate": "2022-02-16T01:15:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "prefix]\" attribute values can lead to arbitrary code execution",
"vulnerabilityID": "CVE-2022-25236"
},
{
"fixedVersion": "2.2.6-2+deb10u3",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-05T21:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25315",
"publishedDate": "2022-02-18T05:15:00Z",
"resource": "libexpat1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Integer overflow in storeRawNames()",
"vulnerabilityID": "CVE-2022-25315"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T19:08:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-45960",
"publishedDate": "2022-01-01T19:15:00Z",
"resource": "libexpat1",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Large number of prefixed XML attributes on a single tag can crash libexpat",
"vulnerabilityID": "CVE-2021-45960"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T19:11:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46143",
"publishedDate": "2022-01-06T04:15:00Z",
"resource": "libexpat1",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Integer overflow in doProlog in xmlparse.c",
"vulnerabilityID": "CVE-2021-46143"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T14:47:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22825",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Integer overflow in lookup in xmlparse.c",
"vulnerabilityID": "CVE-2022-22825"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T12:44:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22826",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Integer overflow in nextScaffoldPart in xmlparse.c",
"vulnerabilityID": "CVE-2022-22826"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-06T12:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22827",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libexpat1",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Integer overflow in storeAtts in xmlparse.c",
"vulnerabilityID": "CVE-2022-22827"
},
{
"fixedVersion": "2.2.6-2+deb10u2",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-31T17:44:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23990",
"publishedDate": "2022-01-26T19:15:00Z",
"resource": "libexpat1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "integer overflow in the doProlog function",
"vulnerabilityID": "CVE-2022-23990"
},
{
"fixedVersion": "2.2.6-2+deb10u3",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-10-05T20:59:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25314",
"publishedDate": "2022-02-18T05:15:00Z",
"resource": "libexpat1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Integer overflow in copyString()",
"vulnerabilityID": "CVE-2022-25314"
},
{
"fixedVersion": "2.2.6-2+deb10u5",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2023-02-01T19:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40674",
"publishedDate": "2022-09-14T11:15:00Z",
"resource": "libexpat1",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "a use-after-free in the doContent function in xmlparse.c",
"vulnerabilityID": "CVE-2022-40674"
},
{
"fixedVersion": "2.2.6-2+deb10u6",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2022-12-02T23:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-43680",
"publishedDate": "2022-10-24T14:15:00Z",
"resource": "libexpat1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate",
"vulnerabilityID": "CVE-2022-43680"
},
{
"fixedVersion": "2.2.6-2+deb10u3",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2023-08-08T14:22:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-25313",
"publishedDate": "2022-02-18T05:15:00Z",
"resource": "libexpat1",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "Stack exhaustion in doctype parsing",
"vulnerabilityID": "CVE-2022-25313"
},
{
"fixedVersion": "",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "2023-02-13T04:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-0340",
"publishedDate": "2014-01-21T18:55:00Z",
"resource": "libexpat1",
"severity": "LOW",
"target": "",
"title": "expat: internal entity expansion",
"vulnerabilityID": "CVE-2013-0340"
},
{
"fixedVersion": "2.2.6-2+deb10u4",
"installedVersion": "2.2.6-2+deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "libexpat1",
"severity": "UNKNOWN",
"target": "",
"title": "expat - regression update",
"vulnerabilityID": "DSA-5085-2"
},
{
"fixedVersion": "",
"installedVersion": "1.44.5-1+deb10u3",
"lastModifiedDate": "2023-02-12T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304",
"publishedDate": "2022-04-14T21:15:00Z",
"resource": "libext2fs2",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "out-of-bounds read/write via crafted filesystem",
"vulnerabilityID": "CVE-2022-1304"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "libfdisk1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "libfdisk1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "2.9.1-3+deb10u3",
"installedVersion": "2.9.1-3+deb10u1",
"lastModifiedDate": "2022-07-27T13:44:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27404",
"publishedDate": "2022-04-22T14:15:00Z",
"resource": "libfreetype6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "Buffer overflow in sfnt_init_face",
"vulnerabilityID": "CVE-2022-27404"
},
{
"fixedVersion": "2.9.1-3+deb10u3",
"installedVersion": "2.9.1-3+deb10u1",
"lastModifiedDate": "2022-07-27T16:04:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27405",
"publishedDate": "2022-04-22T14:15:00Z",
"resource": "libfreetype6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Segmentation violation via FNT_Size_Request",
"vulnerabilityID": "CVE-2022-27405"
},
{
"fixedVersion": "2.9.1-3+deb10u3",
"installedVersion": "2.9.1-3+deb10u1",
"lastModifiedDate": "2022-07-27T16:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-27406",
"publishedDate": "2022-04-22T14:15:00Z",
"resource": "libfreetype6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Segmentation violation via FT_Request_Size",
"vulnerabilityID": "CVE-2022-27406"
},
{
"fixedVersion": "2.9.1-3+deb10u2",
"installedVersion": "2.9.1-3+deb10u1",
"lastModifiedDate": "2022-01-28T17:40:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-15999",
"publishedDate": "2020-11-03T03:15:00Z",
"resource": "libfreetype6",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png",
"vulnerabilityID": "CVE-2020-15999"
},
{
"fixedVersion": "",
"installedVersion": "2.9.1-3+deb10u1",
"lastModifiedDate": "2022-06-10T18:08:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-31782",
"publishedDate": "2022-06-02T14:15:00Z",
"resource": "libfreetype6",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...",
"vulnerabilityID": "CVE-2022-31782"
},
{
"fixedVersion": "",
"installedVersion": "1:8.3.0-6",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886",
"publishedDate": "2019-05-22T19:29:00Z",
"resource": "libgcc1",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass",
"vulnerabilityID": "CVE-2018-12886"
},
{
"fixedVersion": "",
"installedVersion": "1:8.3.0-6",
"lastModifiedDate": "2020-09-17T13:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847",
"publishedDate": "2019-09-02T23:15:00Z",
"resource": "libgcc1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output",
"vulnerabilityID": "CVE-2019-15847"
},
{
"fixedVersion": "",
"installedVersion": "1:8.3.0-6",
"lastModifiedDate": "2023-09-14T20:01:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039",
"publishedDate": "2023-09-13T09:15:00Z",
"resource": "libgcc1",
"score": 4.8,
"severity": "MEDIUM",
"target": "",
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64",
"vulnerabilityID": "CVE-2023-4039"
},
{
"fixedVersion": "",
"installedVersion": "1.8.4-5",
"lastModifiedDate": "2022-12-07T01:20:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33560",
"publishedDate": "2021-06-08T11:15:00Z",
"resource": "libgcrypt20",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm",
"vulnerabilityID": "CVE-2021-33560"
},
{
"fixedVersion": "",
"installedVersion": "1.8.4-5",
"lastModifiedDate": "2021-07-21T11:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-13627",
"publishedDate": "2019-09-25T15:15:00Z",
"resource": "libgcrypt20",
"score": 6.3,
"severity": "MEDIUM",
"target": "",
"title": "ECDSA timing attack allowing private key leak",
"vulnerabilityID": "CVE-2019-13627"
},
{
"fixedVersion": "1.8.4-5+deb10u1",
"installedVersion": "1.8.4-5",
"lastModifiedDate": "2022-12-07T01:36:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40528",
"publishedDate": "2021-09-06T19:15:00Z",
"resource": "libgcrypt20",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "ElGamal implementation allows plaintext recovery",
"vulnerabilityID": "CVE-2021-40528"
},
{
"fixedVersion": "",
"installedVersion": "1.8.4-5",
"lastModifiedDate": "2020-01-15T20:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-6829",
"publishedDate": "2018-02-07T23:29:00Z",
"resource": "libgcrypt20",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information",
"vulnerabilityID": "CVE-2018-6829"
},
{
"fixedVersion": "",
"installedVersion": "2.2.5-5.2",
"lastModifiedDate": "2020-02-27T19:09:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-6363",
"publishedDate": "2020-02-27T05:15:00Z",
"resource": "libgd3",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap- ...",
"vulnerabilityID": "CVE-2017-6363"
},
{
"fixedVersion": "",
"installedVersion": "2.2.5-5.2",
"lastModifiedDate": "2021-08-11T19:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-38115",
"publishedDate": "2021-08-04T21:15:00Z",
"resource": "libgd3",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...",
"vulnerabilityID": "CVE-2021-38115"
},
{
"fixedVersion": "",
"installedVersion": "2.2.5-5.2",
"lastModifiedDate": "2021-09-15T15:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40812",
"publishedDate": "2021-09-08T21:15:00Z",
"resource": "libgd3",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...",
"vulnerabilityID": "CVE-2021-40812"
},
{
"fixedVersion": "",
"installedVersion": "2.2.5-5.2",
"lastModifiedDate": "2021-12-30T22:04:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14553",
"publishedDate": "2020-02-11T13:15:00Z",
"resource": "libgd3",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "gd: NULL pointer dereference in gdImageClone",
"vulnerabilityID": "CVE-2018-14553"
},
{
"fixedVersion": "",
"installedVersion": "2.2.5-5.2",
"lastModifiedDate": "2021-09-01T21:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-40145",
"publishedDate": "2021-08-26T01:15:00Z",
"resource": "libgd3",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) throu ...",
"vulnerabilityID": "CVE-2021-40145"
},
{
"fixedVersion": "2:6.1.2+dfsg-4+deb10u1",
"installedVersion": "2:6.1.2+dfsg-4",
"lastModifiedDate": "2023-09-29T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-43618",
"publishedDate": "2021-11-15T04:15:00Z",
"resource": "libgmp10",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Integer overflow and resultant buffer overflow via crafted input",
"vulnerabilityID": "CVE-2021-43618"
},
{
"fixedVersion": "3.6.7-4+deb10u7",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2021-06-01T14:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20231",
"publishedDate": "2021-03-12T19:15:00Z",
"resource": "libgnutls30",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "gnutls: Use after free in client key_share extension",
"vulnerabilityID": "CVE-2021-20231"
},
{
"fixedVersion": "3.6.7-4+deb10u7",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2021-05-17T14:30:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20232",
"publishedDate": "2021-03-12T19:15:00Z",
"resource": "libgnutls30",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c",
"vulnerabilityID": "CVE-2021-20232"
},
{
"fixedVersion": "3.6.7-4+deb10u4",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2023-03-01T16:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13777",
"publishedDate": "2020-06-04T07:15:00Z",
"resource": "libgnutls30",
"score": 7.4,
"severity": "HIGH",
"target": "",
"title": "gnutls: session resumption works without master key allowing MITM",
"vulnerabilityID": "CVE-2020-13777"
},
{
"fixedVersion": "3.6.7-4+deb10u7",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2023-02-27T15:30:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-24659",
"publishedDate": "2020-09-04T15:15:00Z",
"resource": "libgnutls30",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent",
"vulnerabilityID": "CVE-2020-24659"
},
{
"fixedVersion": "3.6.7-4+deb10u9",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2022-08-19T12:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2509",
"publishedDate": "2022-08-01T14:15:00Z",
"resource": "libgnutls30",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Double free during gnutls_pkcs7_verify",
"vulnerabilityID": "CVE-2022-2509"
},
{
"fixedVersion": "3.6.7-4+deb10u10",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2023-07-25T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0361",
"publishedDate": "2023-02-15T18:15:00Z",
"resource": "libgnutls30",
"score": 7.4,
"severity": "HIGH",
"target": "",
"title": "timing side-channel in the TLS RSA key exchange code",
"vulnerabilityID": "CVE-2023-0361"
},
{
"fixedVersion": "3.6.7-4+deb10u9",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2022-10-27T16:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4209",
"publishedDate": "2022-08-24T16:15:00Z",
"resource": "libgnutls30",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "Null pointer dereference in MD_UPDATE",
"vulnerabilityID": "CVE-2021-4209"
},
{
"fixedVersion": "",
"installedVersion": "3.6.7-4+deb10u3",
"lastModifiedDate": "2022-11-29T15:56:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-3389",
"publishedDate": "2011-09-06T19:55:00Z",
"resource": "libgnutls30",
"severity": "LOW",
"target": "",
"title": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)",
"vulnerabilityID": "CVE-2011-3389"
},
{
"fixedVersion": "3.4.1-1+deb10u1",
"installedVersion": "3.4.1-1",
"lastModifiedDate": "2021-12-06T13:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20305",
"publishedDate": "2021-04-05T22:15:00Z",
"resource": "libhogweed4",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "nettle: Out of bounds memory access in signature verification",
"vulnerabilityID": "CVE-2021-20305"
},
{
"fixedVersion": "3.4.1-1+deb10u1",
"installedVersion": "3.4.1-1",
"lastModifiedDate": "2021-11-26T21:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3580",
"publishedDate": "2021-08-05T21:15:00Z",
"resource": "libhogweed4",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Remote crash in RSA decryption via manipulated ciphertext",
"vulnerabilityID": "CVE-2021-3580"
},
{
"fixedVersion": "63.1-6+deb10u2",
"installedVersion": "63.1-6+deb10u1",
"lastModifiedDate": "2021-11-29T17:20:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-21913",
"publishedDate": "2021-09-20T14:15:00Z",
"resource": "libicu63",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp",
"vulnerabilityID": "CVE-2020-21913"
},
{
"fixedVersion": "",
"installedVersion": "2.0.5-1+deb10u1",
"lastModifiedDate": "2019-10-29T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-12290",
"publishedDate": "2019-10-22T16:15:00Z",
"resource": "libidn2-0",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...",
"vulnerabilityID": "CVE-2019-12290"
},
{
"fixedVersion": "",
"installedVersion": "2.1-3.1+b2",
"lastModifiedDate": "2021-02-25T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-9937",
"publishedDate": "2017-06-26T12:29:00Z",
"resource": "libjbig0",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libtiff: memory malloc failure in tif_jbig.c could cause DOS.",
"vulnerabilityID": "CVE-2017-9937"
},
{
"fixedVersion": "1:1.5.2-2+deb10u1",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2020-10-20T13:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13790",
"publishedDate": "2020-06-03T19:15:00Z",
"resource": "libjpeg62-turbo",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "heap-based buffer over-read in get_rgb_row() in rdppm.c",
"vulnerabilityID": "CVE-2020-13790"
},
{
"fixedVersion": "",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2022-09-20T17:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35538",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libjpeg62-turbo",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Null pointer dereference in jcopy_sample_rows() function",
"vulnerabilityID": "CVE-2020-35538"
},
{
"fixedVersion": "",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2022-08-15T15:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46822",
"publishedDate": "2022-06-18T16:15:00Z",
"resource": "libjpeg62-turbo",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c",
"vulnerabilityID": "CVE-2021-46822"
},
{
"fixedVersion": "",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2018-07-11T01:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-15232",
"publishedDate": "2017-10-11T03:29:00Z",
"resource": "libjpeg62-turbo",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libjpeg-turbo: NULL pointer dereference in jdpostct.c and jquant1.c",
"vulnerabilityID": "CVE-2017-15232"
},
{
"fixedVersion": "1:1.5.2-2+deb10u1",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2020-07-31T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-1152",
"publishedDate": "2018-06-18T14:29:00Z",
"resource": "libjpeg62-turbo",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libjpeg-turbo: Divide by zero allows for denial of service via crafted BMP image",
"vulnerabilityID": "CVE-2018-1152"
},
{
"fixedVersion": "",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2020-06-25T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-11813",
"publishedDate": "2018-06-06T03:29:00Z",
"resource": "libjpeg62-turbo",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "\"cjpeg\" utility large loop because read_pixel in rdtarga.c mishandles EOF",
"vulnerabilityID": "CVE-2018-11813"
},
{
"fixedVersion": "1:1.5.2-2+deb10u1",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2020-07-31T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14498",
"publishedDate": "2019-03-07T23:29:00Z",
"resource": "libjpeg62-turbo",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service",
"vulnerabilityID": "CVE-2018-14498"
},
{
"fixedVersion": "1:1.5.2-2+deb10u1",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2022-06-02T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-2201",
"publishedDate": "2019-11-13T18:15:00Z",
"resource": "libjpeg62-turbo",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images",
"vulnerabilityID": "CVE-2019-2201"
},
{
"fixedVersion": "",
"installedVersion": "1:1.5.2-2+b1",
"lastModifiedDate": "2022-11-07T14:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-17541",
"publishedDate": "2021-06-01T15:15:00Z",
"resource": "libjpeg62-turbo",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "Stack-based buffer overflow in the \"transform\" component",
"vulnerabilityID": "CVE-2020-17541"
},
{
"fixedVersion": "1.8.3-1+deb10u1",
"installedVersion": "1.8.3-1",
"lastModifiedDate": "2023-02-12T23:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3520",
"publishedDate": "2021-06-02T13:15:00Z",
"resource": "liblz4-1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "memory corruption due to an integer overflow bug caused by memmove argument",
"vulnerabilityID": "CVE-2021-3520"
},
{
"fixedVersion": "",
"installedVersion": "1.8.3-1",
"lastModifiedDate": "2021-07-23T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-17543",
"publishedDate": "2019-10-14T02:15:00Z",
"resource": "liblz4-1",
"score": 8.1,
"severity": "LOW",
"target": "",
"title": "lz4: heap-based buffer overflow in LZ4_write32",
"vulnerabilityID": "CVE-2019-17543"
},
{
"fixedVersion": "5.2.4-1+deb10u1",
"installedVersion": "5.2.4-1",
"lastModifiedDate": "2022-10-07T14:14:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1271",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "liblzma5",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "arbitrary-file-write vulnerability",
"vulnerabilityID": "CVE-2022-1271"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "libmount1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "libmount1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "6.1+20181013-2+deb10u3",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2022-11-08T19:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458",
"publishedDate": "2022-04-18T21:15:00Z",
"resource": "libncursesw6",
"score": 7.1,
"severity": "HIGH",
"target": "",
"title": "segfaulting OOB read",
"vulnerabilityID": "CVE-2022-29458"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-09-09T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491",
"publishedDate": "2023-04-14T01:15:00Z",
"resource": "libncursesw6",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Local users can trigger security-relevant memory corruption via malformed data",
"vulnerabilityID": "CVE-2023-29491"
},
{
"fixedVersion": "6.1+20181013-2+deb10u4",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-10-20T21:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189",
"publishedDate": "2023-08-22T19:16:00Z",
"resource": "libncursesw6",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "997",
"vulnerabilityID": "CVE-2020-19189"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-04-27T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537",
"publishedDate": "2021-09-20T16:15:00Z",
"resource": "libncursesw6",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c",
"vulnerabilityID": "CVE-2021-39537"
},
{
"fixedVersion": "3.4.1-1+deb10u1",
"installedVersion": "3.4.1-1",
"lastModifiedDate": "2021-12-06T13:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20305",
"publishedDate": "2021-04-05T22:15:00Z",
"resource": "libnettle6",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "nettle: Out of bounds memory access in signature verification",
"vulnerabilityID": "CVE-2021-20305"
},
{
"fixedVersion": "3.4.1-1+deb10u1",
"installedVersion": "3.4.1-1",
"lastModifiedDate": "2021-11-26T21:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3580",
"publishedDate": "2021-08-05T21:15:00Z",
"resource": "libnettle6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Remote crash in RSA decryption via manipulated ciphertext",
"vulnerabilityID": "CVE-2021-3580"
},
{
"fixedVersion": "0.23.15-2+deb10u1",
"installedVersion": "0.23.15-2",
"lastModifiedDate": "2022-08-06T03:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29361",
"publishedDate": "2020-12-16T14:15:00Z",
"resource": "libp11-kit0",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "integer overflow when allocating memory for arrays or attributes and object identifiers",
"vulnerabilityID": "CVE-2020-29361"
},
{
"fixedVersion": "0.23.15-2+deb10u1",
"installedVersion": "0.23.15-2",
"lastModifiedDate": "2022-05-12T14:47:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29363",
"publishedDate": "2020-12-16T14:15:00Z",
"resource": "libp11-kit0",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c",
"vulnerabilityID": "CVE-2020-29363"
},
{
"fixedVersion": "0.23.15-2+deb10u1",
"installedVersion": "0.23.15-2",
"lastModifiedDate": "2021-01-11T16:50:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-29362",
"publishedDate": "2020-12-16T14:15:00Z",
"resource": "libp11-kit0",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c",
"vulnerabilityID": "CVE-2020-29362"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2022-12-03T03:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14155",
"publishedDate": "2020-06-15T17:15:00Z",
"resource": "libpcre3",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "pcre: Integer overflow when parsing callout numeric arguments",
"vulnerabilityID": "CVE-2020-14155"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2023-04-12T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-11164",
"publishedDate": "2017-07-11T03:29:00Z",
"resource": "libpcre3",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "OP_KETRMAX feature in the match function in pcre_exec.c",
"vulnerabilityID": "CVE-2017-11164"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2019-04-02T13:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16231",
"publishedDate": "2019-03-21T15:59:00Z",
"resource": "libpcre3",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "pcre: self-recursive call in match() in pcre_exec.c leads to denial of service",
"vulnerabilityID": "CVE-2017-16231"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2018-08-17T10:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-7245",
"publishedDate": "2017-03-23T21:59:00Z",
"resource": "libpcre3",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "stack-based buffer overflow write in pcre32_copy_substring",
"vulnerabilityID": "CVE-2017-7245"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2018-08-17T10:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-7246",
"publishedDate": "2017-03-23T21:59:00Z",
"resource": "libpcre3",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "stack-based buffer overflow write in pcre32_copy_substring",
"vulnerabilityID": "CVE-2017-7246"
},
{
"fixedVersion": "",
"installedVersion": "2:8.39-12",
"lastModifiedDate": "2021-09-22T14:22:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20838",
"publishedDate": "2020-06-15T17:15:00Z",
"resource": "libpcre3",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1",
"vulnerabilityID": "CVE-2019-20838"
},
{
"fixedVersion": "",
"installedVersion": "1.6.36-6",
"lastModifiedDate": "2022-06-27T17:35:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14048",
"publishedDate": "2018-07-13T16:29:00Z",
"resource": "libpng16-16",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "png_free_data function causing denial of service",
"vulnerabilityID": "CVE-2018-14048"
},
{
"fixedVersion": "",
"installedVersion": "1.6.36-6",
"lastModifiedDate": "2023-03-01T01:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14550",
"publishedDate": "2019-07-10T12:15:00Z",
"resource": "libpng16-16",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "libpng: Stack-based buffer overflow in contrib/pngminus/pnm2png.c:get_token() potentially leading to arbitrary code execution",
"vulnerabilityID": "CVE-2018-14550"
},
{
"fixedVersion": "",
"installedVersion": "1.6.36-6",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-6129",
"publishedDate": "2019-01-11T05:29:00Z",
"resource": "libpng16-16",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libpng: memory leak of png_info struct in pngcp.c",
"vulnerabilityID": "CVE-2019-6129"
},
{
"fixedVersion": "",
"installedVersion": "1.6.36-6",
"lastModifiedDate": "2022-11-08T02:32:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4214",
"publishedDate": "2022-08-24T16:15:00Z",
"resource": "libpng16-16",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "libpng: hardcoded value leads to heap-overflow",
"vulnerabilityID": "CVE-2021-4214"
},
{
"fixedVersion": "",
"installedVersion": "2.3.3-4",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9893",
"publishedDate": "2019-03-21T16:01:00Z",
"resource": "libseccomp2",
"score": 9.8,
"severity": "LOW",
"target": "",
"title": "libseccomp: incorrect generation of syscall filters in libseccomp",
"vulnerabilityID": "CVE-2019-9893"
},
{
"fixedVersion": "",
"installedVersion": "2.8-1",
"lastModifiedDate": "2021-11-17T03:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36084",
"publishedDate": "2021-07-01T03:15:00Z",
"resource": "libsepol1",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "libsepol: use-after-free in __cil_verify_classperms()",
"vulnerabilityID": "CVE-2021-36084"
},
{
"fixedVersion": "",
"installedVersion": "2.8-1",
"lastModifiedDate": "2021-11-17T03:26:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36085",
"publishedDate": "2021-07-01T03:15:00Z",
"resource": "libsepol1",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "libsepol: use-after-free in __cil_verify_classperms()",
"vulnerabilityID": "CVE-2021-36085"
},
{
"fixedVersion": "",
"installedVersion": "2.8-1",
"lastModifiedDate": "2021-11-17T03:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36086",
"publishedDate": "2021-07-01T03:15:00Z",
"resource": "libsepol1",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "use-after-free in cil_reset_classpermission()",
"vulnerabilityID": "CVE-2021-36086"
},
{
"fixedVersion": "",
"installedVersion": "2.8-1",
"lastModifiedDate": "2021-11-17T14:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-36087",
"publishedDate": "2021-07-01T03:15:00Z",
"resource": "libsepol1",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "libsepol: heap-based buffer overflow in ebitmap_match_any()",
"vulnerabilityID": "CVE-2021-36087"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "libsmartcols1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "libsmartcols1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "",
"installedVersion": "1.44.5-1+deb10u3",
"lastModifiedDate": "2023-02-12T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1304",
"publishedDate": "2022-04-14T21:15:00Z",
"resource": "libss2",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "out-of-bounds read/write via crafted filesystem",
"vulnerabilityID": "CVE-2022-1304"
},
{
"fixedVersion": "1.1.1d-0+deb10u7",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-12-06T21:23:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3711",
"publishedDate": "2021-08-24T15:15:00Z",
"resource": "libssl1.1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "SM2 Decryption Buffer Overflow",
"vulnerabilityID": "CVE-2021-3711"
},
{
"fixedVersion": "1.1.1n-0+deb10u2",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-02-14T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1292",
"publishedDate": "2022-05-03T16:15:00Z",
"resource": "libssl1.1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "c_rehash script allows command injection",
"vulnerabilityID": "CVE-2022-1292"
},
{
"fixedVersion": "1.1.1n-0+deb10u3",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-03-01T16:23:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2068",
"publishedDate": "2022-06-21T15:15:00Z",
"resource": "libssl1.1",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "the c_rehash script allows command injection",
"vulnerabilityID": "CVE-2022-2068"
},
{
"fixedVersion": "1.1.1d-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-08-29T20:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-23840",
"publishedDate": "2021-02-16T17:15:00Z",
"resource": "libssl1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "integer overflow in CipherUpdate",
"vulnerabilityID": "CVE-2021-23840"
},
{
"fixedVersion": "1.1.1d-0+deb10u7",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-12-06T21:23:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3712",
"publishedDate": "2021-08-24T15:15:00Z",
"resource": "libssl1.1",
"score": 7.4,
"severity": "HIGH",
"target": "",
"title": "Read buffer overruns processing ASN.1 strings",
"vulnerabilityID": "CVE-2021-3712"
},
{
"fixedVersion": "1.1.1d-0+deb10u8",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-11-09T20:43:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0778",
"publishedDate": "2022-03-15T17:15:00Z",
"resource": "libssl1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates",
"vulnerabilityID": "CVE-2022-0778"
},
{
"fixedVersion": "1.1.1n-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-07-19T00:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4450",
"publishedDate": "2023-02-08T20:15:00Z",
"resource": "libssl1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "double free after calling PEM_read_bio_ex",
"vulnerabilityID": "CVE-2022-4450"
},
{
"fixedVersion": "1.1.1n-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-07-19T00:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0215",
"publishedDate": "2023-02-08T20:15:00Z",
"resource": "libssl1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "use-after-free following BIO_new_NDEF",
"vulnerabilityID": "CVE-2023-0215"
},
{
"fixedVersion": "1.1.1n-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-07-19T00:54:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0286",
"publishedDate": "2023-02-08T20:15:00Z",
"resource": "libssl1.1",
"score": 7.4,
"severity": "HIGH",
"target": "",
"title": "X.400 address type confusion in X.509 GeneralName",
"vulnerabilityID": "CVE-2023-0286"
},
{
"fixedVersion": "1.1.1n-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-06-08T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0464",
"publishedDate": "2023-03-22T17:15:00Z",
"resource": "libssl1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Denial of service by excessive resource usage in verifying X509 policy constraints",
"vulnerabilityID": "CVE-2023-0464"
},
{
"fixedVersion": "1.1.1d-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-04-19T15:36:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-1551",
"publishedDate": "2019-12-06T18:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "Integer overflow in RSAZ modular exponentiation on x86_64",
"vulnerabilityID": "CVE-2019-1551"
},
{
"fixedVersion": "1.1.1d-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-08-29T20:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1971",
"publishedDate": "2020-12-08T16:15:00Z",
"resource": "libssl1.1",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "openssl: EDIPARTYNAME NULL pointer de-reference",
"vulnerabilityID": "CVE-2020-1971"
},
{
"fixedVersion": "1.1.1d-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-01-09T16:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-23841",
"publishedDate": "2021-02-16T17:15:00Z",
"resource": "libssl1.1",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()",
"vulnerabilityID": "CVE-2021-23841"
},
{
"fixedVersion": "1.1.1d-0+deb10u6",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-08-29T20:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3449",
"publishedDate": "2021-03-25T15:15:00Z",
"resource": "libssl1.1",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "openssl: NULL pointer dereference in signature_algorithms processing",
"vulnerabilityID": "CVE-2021-3449"
},
{
"fixedVersion": "1.1.1d-0+deb10u8",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-11-09T20:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-4160",
"publishedDate": "2022-01-28T22:15:00Z",
"resource": "libssl1.1",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "openssl: Carry propagation bug in the MIPS32 and MIPS64 squaring procedure",
"vulnerabilityID": "CVE-2021-4160"
},
{
"fixedVersion": "1.1.1n-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-08-08T14:22:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2097",
"publishedDate": "2022-07-05T11:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "AES OCB fails to encrypt some bytes",
"vulnerabilityID": "CVE-2022-2097"
},
{
"fixedVersion": "1.1.1n-0+deb10u4",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-08-08T14:22:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4304",
"publishedDate": "2023-02-08T20:15:00Z",
"resource": "libssl1.1",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "timing attack in RSA Decryption implementation",
"vulnerabilityID": "CVE-2022-4304"
},
{
"fixedVersion": "1.1.1n-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-06-08T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0465",
"publishedDate": "2023-03-28T15:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "Invalid certificate policies in leaf certificates are silently ignored",
"vulnerabilityID": "CVE-2023-0465"
},
{
"fixedVersion": "1.1.1n-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-09-28T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0466",
"publishedDate": "2023-03-28T15:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "Certificate policy check not enabled",
"vulnerabilityID": "CVE-2023-0466"
},
{
"fixedVersion": "1.1.1n-0+deb10u5",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-08-29T18:04:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-2650",
"publishedDate": "2023-05-30T14:15:00Z",
"resource": "libssl1.1",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "Possible DoS translating ASN.1 object identifiers",
"vulnerabilityID": "CVE-2023-2650"
},
{
"fixedVersion": "1.1.1n-0+deb10u6",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-10-03T15:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3446",
"publishedDate": "2023-07-19T12:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "Excessive time spent checking DH keys and parameters",
"vulnerabilityID": "CVE-2023-3446"
},
{
"fixedVersion": "1.1.1n-0+deb10u6",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2023-09-23T00:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3817",
"publishedDate": "2023-07-31T16:15:00Z",
"resource": "libssl1.1",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "Excessive time spent checking DH q parameter value",
"vulnerabilityID": "CVE-2023-3817"
},
{
"fixedVersion": "",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2022-11-01T14:44:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-6755",
"publishedDate": "2013-10-11T22:55:00Z",
"resource": "libssl1.1",
"severity": "LOW",
"target": "",
"title": "Dual_EC_DRBG: weak pseudo random number generator",
"vulnerabilityID": "CVE-2007-6755"
},
{
"fixedVersion": "",
"installedVersion": "1.1.1d-0+deb10u3",
"lastModifiedDate": "2017-08-17T01:32:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2010-0928",
"publishedDate": "2010-03-05T19:30:00Z",
"resource": "libssl1.1",
"severity": "LOW",
"target": "",
"title": "openssl: RSA authentication weakness",
"vulnerabilityID": "CVE-2010-0928"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2020-08-24T17:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-12886",
"publishedDate": "2019-05-22T19:29:00Z",
"resource": "libstdc++6",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass",
"vulnerabilityID": "CVE-2018-12886"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2020-09-17T13:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-15847",
"publishedDate": "2019-09-02T23:15:00Z",
"resource": "libstdc++6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "gcc: POWER9 \"DARN\" RNG intrinsic produces repeated output",
"vulnerabilityID": "CVE-2019-15847"
},
{
"fixedVersion": "",
"installedVersion": "8.3.0-6",
"lastModifiedDate": "2023-09-14T20:01:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4039",
"publishedDate": "2023-09-13T09:15:00Z",
"resource": "libstdc++6",
"score": 4.8,
"severity": "MEDIUM",
"target": "",
"title": "-fstack-protector fails to guard dynamic stack allocations on ARM64",
"vulnerabilityID": "CVE-2023-4039"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T18:53:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3843",
"publishedDate": "2019-04-26T21:29:00Z",
"resource": "libsystemd0",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: services with DynamicUser can create SUID/SGID binaries",
"vulnerabilityID": "CVE-2019-3843"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T18:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3844",
"publishedDate": "2019-04-26T21:29:00Z",
"resource": "libsystemd0",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: services with DynamicUser can get new privileges and create SGID binaries",
"vulnerabilityID": "CVE-2019-3844"
},
{
"fixedVersion": "241-7~deb10u4",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-11-29T16:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1712",
"publishedDate": "2020-03-31T17:15:00Z",
"resource": "libsystemd0",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: use-after-free when asynchronous polkit queries are performed",
"vulnerabilityID": "CVE-2020-1712"
},
{
"fixedVersion": "241-7~deb10u9",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-08-11T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26604",
"publishedDate": "2023-03-03T16:15:00Z",
"resource": "libsystemd0",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "privilege escalation via the less pager",
"vulnerabilityID": "CVE-2023-26604"
},
{
"fixedVersion": "241-7~deb10u8",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-06-14T11:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33910",
"publishedDate": "2021-07-20T19:15:00Z",
"resource": "libsystemd0",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash",
"vulnerabilityID": "CVE-2021-33910"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-05-03T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3997",
"publishedDate": "2022-08-23T20:15:00Z",
"resource": "libsystemd0",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Uncontrolled recursion in systemd-tmpfiles when removing files",
"vulnerabilityID": "CVE-2021-3997"
},
{
"fixedVersion": "241-7~deb10u10",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-29T23:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3821",
"publishedDate": "2022-11-08T22:15:00Z",
"resource": "libsystemd0",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "buffer overrun in format_timespan() function",
"vulnerabilityID": "CVE-2022-3821"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-02-02T16:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4415",
"publishedDate": "2023-01-11T15:15:00Z",
"resource": "libsystemd0",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting",
"vulnerabilityID": "CVE-2022-4415"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T17:49:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4392",
"publishedDate": "2013-10-28T22:55:00Z",
"resource": "libsystemd0",
"severity": "LOW",
"target": "",
"title": "TOCTOU race condition when updating file permissions and SELinux security contexts",
"vulnerabilityID": "CVE-2013-4392"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-28T21:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20386",
"publishedDate": "2020-01-21T06:15:00Z",
"resource": "libsystemd0",
"score": 2.4,
"severity": "LOW",
"target": "",
"title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received",
"vulnerabilityID": "CVE-2019-20386"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-10-07T02:59:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13529",
"publishedDate": "2021-05-10T16:15:00Z",
"resource": "libsystemd0",
"score": 6.1,
"severity": "LOW",
"target": "",
"title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
"vulnerabilityID": "CVE-2020-13529"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31437",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libsystemd0",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can modify a seale ...",
"vulnerabilityID": "CVE-2023-31437"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31438",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libsystemd0",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...",
"vulnerabilityID": "CVE-2023-31438"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31439",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libsystemd0",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can modify the con ...",
"vulnerabilityID": "CVE-2023-31439"
},
{
"fixedVersion": "4.13-3+deb10u1",
"installedVersion": "4.13-3",
"lastModifiedDate": "2023-08-08T14:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-46848",
"publishedDate": "2022-10-24T14:15:00Z",
"resource": "libtasn1-6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "Out-of-bound access in ETYPE_OK",
"vulnerabilityID": "CVE-2021-46848"
},
{
"fixedVersion": "",
"installedVersion": "4.13-3",
"lastModifiedDate": "2021-02-25T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-1000654",
"publishedDate": "2018-08-20T19:31:00Z",
"resource": "libtasn1-6",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion",
"vulnerabilityID": "CVE-2018-1000654"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u2",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-07-30T03:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35523",
"publishedDate": "2021-03-09T20:15:00Z",
"resource": "libtiff5",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "libtiff: Integer overflow in tif_getimage.c",
"vulnerabilityID": "CVE-2020-35523"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u2",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-07-30T03:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35524",
"publishedDate": "2021-03-09T20:15:00Z",
"resource": "libtiff5",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "libtiff: Heap-based buffer overflow in TIFF2PDF tool",
"vulnerabilityID": "CVE-2020-35524"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-02T17:33:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0891",
"publishedDate": "2022-03-10T17:44:00Z",
"resource": "libtiff5",
"score": 7.1,
"severity": "HIGH",
"target": "",
"title": "libtiff: heap buffer overflow in extractImageSection",
"vulnerabilityID": "CVE-2022-0891"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-09-06T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3970",
"publishedDate": "2022-11-13T08:15:00Z",
"resource": "libtiff5",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "integer overflow in function TIFFReadRGBATileExt of the file",
"vulnerabilityID": "CVE-2022-3970"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-06-23T16:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25434",
"publishedDate": "2023-06-14T20:15:00Z",
"resource": "libtiff5",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "heap-buffer overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-25434"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u3",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2021-11-30T19:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19143",
"publishedDate": "2021-09-09T15:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c",
"vulnerabilityID": "CVE-2020-19143"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-16T19:12:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0561",
"publishedDate": "2022-02-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: Denial of Service via crafted TIFF file",
"vulnerabilityID": "CVE-2022-0561"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-16T19:13:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0562",
"publishedDate": "2022-02-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: Null source pointer lead to Denial of Service via crafted TIFF file",
"vulnerabilityID": "CVE-2022-0562"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-22T17:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0865",
"publishedDate": "2022-03-10T17:44:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: reachable assertion",
"vulnerabilityID": "CVE-2022-0865"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-08T14:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0907",
"publishedDate": "2022-03-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "tiff: NULL Pointer Dereference in tiffcrop",
"vulnerabilityID": "CVE-2022-0907"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-07T20:37:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0908",
"publishedDate": "2022-03-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c",
"vulnerabilityID": "CVE-2022-0908"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-07T20:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0909",
"publishedDate": "2022-03-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "tiff: Divide By Zero error in tiffcrop",
"vulnerabilityID": "CVE-2022-0909"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-16T19:24:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0924",
"publishedDate": "2022-03-11T18:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: Out-of-bounds Read error in tiffcp",
"vulnerabilityID": "CVE-2022-0924"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:50:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1354",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c",
"vulnerabilityID": "CVE-2022-1354"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1355",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libtiff5",
"score": 6.1,
"severity": "MEDIUM",
"target": "",
"title": "stack-buffer-overflow in tiffcp.c in main()",
"vulnerabilityID": "CVE-2022-1355"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2056",
"publishedDate": "2022-06-30T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "division by zero issues in tiffcrop",
"vulnerabilityID": "CVE-2022-2056"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2057",
"publishedDate": "2022-06-30T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "division by zero issues in tiffcrop",
"vulnerabilityID": "CVE-2022-2057"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:56:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2058",
"publishedDate": "2022-06-30T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "division by zero issues in tiffcrop",
"vulnerabilityID": "CVE-2022-2058"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u4",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-11-16T19:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-22844",
"publishedDate": "2022-01-10T14:12:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in _TIFFmemcpy() in tif_unix.c",
"vulnerabilityID": "CVE-2022-22844"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:49:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2867",
"publishedDate": "2022-08-17T22:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "uint32_t underflow leads to out of bounds read and write in tiffcrop.c",
"vulnerabilityID": "CVE-2022-2867"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-07-21T16:38:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2868",
"publishedDate": "2022-08-17T22:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()",
"vulnerabilityID": "CVE-2022-2868"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:49:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2869",
"publishedDate": "2022-08-17T22:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()",
"vulnerabilityID": "CVE-2022-2869"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-09T01:58:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-34526",
"publishedDate": "2022-07-29T23:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit",
"vulnerabilityID": "CVE-2022-34526"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T16:02:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3570",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "heap Buffer overflows in tiffcrop.c",
"vulnerabilityID": "CVE-2022-3570"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T16:04:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3597",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix",
"vulnerabilityID": "CVE-2022-3597"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-03-31T16:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3598",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2022-3598"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T16:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3599",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in writeSingleSection in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2022-3599"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-03-31T16:06:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3626",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c",
"vulnerabilityID": "CVE-2022-3626"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T16:07:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3627",
"publishedDate": "2022-10-21T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c",
"vulnerabilityID": "CVE-2022-3627"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-26T02:13:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40090",
"publishedDate": "2023-08-22T19:16:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "infinite loop via a crafted TIFF file",
"vulnerabilityID": "CVE-2022-40090"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-03-31T11:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4645",
"publishedDate": "2023-03-03T16:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in tiffcp in tools/tiffcp.c",
"vulnerabilityID": "CVE-2022-4645"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u6",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48281",
"publishedDate": "2023-01-23T03:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2022-48281"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0795",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0795"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0796",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0796"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0797",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0797"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0798",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0798"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0799",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0799"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0800",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0800"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0801",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0801"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0802",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0802"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-05-30T06:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0803",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0803"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-09-01T06:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-0804",
"publishedDate": "2023-02-13T23:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-0804"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-01T02:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25433",
"publishedDate": "2023-06-29T20:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Buffer Overflow via /libtiff/tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-25433"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u7",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-06-28T18:51:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-25435",
"publishedDate": "2023-06-21T20:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c",
"vulnerabilityID": "CVE-2023-25435"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-01T02:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26965",
"publishedDate": "2023-06-14T21:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "heap-based use after free via a crafted TIFF image in loadImage() in tiffcrop.c",
"vulnerabilityID": "CVE-2023-26965"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-01T02:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26966",
"publishedDate": "2023-06-29T20:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Buffer Overflow in uv_encode()",
"vulnerabilityID": "CVE-2023-26966"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-02T15:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-2908",
"publishedDate": "2023-06-30T22:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "null pointer dereference in tif_dir.c",
"vulnerabilityID": "CVE-2023-2908"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-06-16T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30086",
"publishedDate": "2023-05-09T16:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Heap buffer overflow in tiffcp() at tiffcp.c",
"vulnerabilityID": "CVE-2023-30086"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u5",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-07-03T16:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30774",
"publishedDate": "2023-05-19T15:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value",
"vulnerabilityID": "CVE-2023-30774"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-01T02:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3316",
"publishedDate": "2023-06-19T12:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "null pointer dereference in TIFFClose()",
"vulnerabilityID": "CVE-2023-3316"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-10-10T13:09:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3576",
"publishedDate": "2023-10-04T19:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "memory leak in tiffcrop.c",
"vulnerabilityID": "CVE-2023-3576"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-08-24T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3618",
"publishedDate": "2023-07-12T15:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "segmentation fault in Fax3Encode in libtiff/tif_fax3.c",
"vulnerabilityID": "CVE-2023-3618"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-10-10T14:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-40745",
"publishedDate": "2023-10-05T19:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "integer overflow in tiffcp.c",
"vulnerabilityID": "CVE-2023-40745"
},
{
"fixedVersion": "4.1.0+git191117-2~deb10u8",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-10-10T14:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-41175",
"publishedDate": "2023-10-05T19:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "potential integer overflow in raw2tiff.c",
"vulnerabilityID": "CVE-2023-41175"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2019-10-03T00:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16232",
"publishedDate": "2019-03-21T15:59:00Z",
"resource": "libtiff5",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c",
"vulnerabilityID": "CVE-2017-16232"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2018-02-12T02:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-17973",
"publishedDate": "2017-12-29T21:29:00Z",
"resource": "libtiff5",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc",
"vulnerabilityID": "CVE-2017-17973"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2019-10-03T00:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-5563",
"publishedDate": "2017-01-23T07:59:00Z",
"resource": "libtiff5",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c",
"vulnerabilityID": "CVE-2017-5563"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2019-10-03T00:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-9117",
"publishedDate": "2017-05-21T19:29:00Z",
"resource": "libtiff5",
"score": 9.8,
"severity": "LOW",
"target": "",
"title": "libtiff: Heap-based buffer over-read in bmp2tiff",
"vulnerabilityID": "CVE-2017-9117"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2021-03-15T22:31:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-10126",
"publishedDate": "2018-04-21T21:29:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c",
"vulnerabilityID": "CVE-2018-10126"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-07-30T03:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35521",
"publishedDate": "2021-03-09T20:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "libtiff: Memory allocation failure in tiff2rgba",
"vulnerabilityID": "CVE-2020-35521"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2022-07-30T03:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-35522",
"publishedDate": "2021-03-09T20:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "libtiff: Memory allocation failure in tiff2rgba",
"vulnerabilityID": "CVE-2020-35522"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-22T17:35:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1056",
"publishedDate": "2022-03-28T19:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c",
"vulnerabilityID": "CVE-2022-1056"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-07-24T13:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-1210",
"publishedDate": "2022-04-03T09:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "tiff: Malicious file leads to a denial of service in TIFF File Handler",
"vulnerabilityID": "CVE-2022-1210"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2519",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "Double free or corruption in rotateImage() function at tiffcrop.c",
"vulnerabilityID": "CVE-2022-2519"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-28T15:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2520",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "Assertion fail in rotateImage() function at tiffcrop.c",
"vulnerabilityID": "CVE-2022-2520"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T15:59:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2521",
"publishedDate": "2022-08-31T16:15:00Z",
"resource": "libtiff5",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "Invalid pointer free operation in TIFFClose() at tif_close.c",
"vulnerabilityID": "CVE-2022-2521"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-02-23T16:01:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2953",
"publishedDate": "2022-08-29T15:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "heap-buffer-overflow in extractImageSection in tiffcrop.c",
"vulnerabilityID": "CVE-2022-2953"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-04-18T15:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-1916",
"publishedDate": "2023-04-10T22:15:00Z",
"resource": "libtiff5",
"score": 6.1,
"severity": "LOW",
"target": "",
"title": "out-of-bounds read in extractImageSection() in tools/tiffcrop.c",
"vulnerabilityID": "CVE-2023-1916"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "2023-07-03T16:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-30775",
"publishedDate": "2023-05-19T15:15:00Z",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "Heap buffer overflow in extractContigSamples32bits, tiffcrop.c",
"vulnerabilityID": "CVE-2023-30775"
},
{
"fixedVersion": "",
"installedVersion": "4.1.0+git191117-2~deb10u1",
"lastModifiedDate": "",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3164",
"publishedDate": "",
"resource": "libtiff5",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "heap-buffer-overflow in extractImageSection()",
"vulnerabilityID": "CVE-2023-3164"
},
{
"fixedVersion": "6.1+20181013-2+deb10u3",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2022-11-08T19:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458",
"publishedDate": "2022-04-18T21:15:00Z",
"resource": "libtinfo6",
"score": 7.1,
"severity": "HIGH",
"target": "",
"title": "segfaulting OOB read",
"vulnerabilityID": "CVE-2022-29458"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-09-09T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491",
"publishedDate": "2023-04-14T01:15:00Z",
"resource": "libtinfo6",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Local users can trigger security-relevant memory corruption via malformed data",
"vulnerabilityID": "CVE-2023-29491"
},
{
"fixedVersion": "6.1+20181013-2+deb10u4",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-10-20T21:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189",
"publishedDate": "2023-08-22T19:16:00Z",
"resource": "libtinfo6",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "997",
"vulnerabilityID": "CVE-2020-19189"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-04-27T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537",
"publishedDate": "2021-09-20T16:15:00Z",
"resource": "libtinfo6",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c",
"vulnerabilityID": "CVE-2021-39537"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T18:53:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3843",
"publishedDate": "2019-04-26T21:29:00Z",
"resource": "libudev1",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: services with DynamicUser can create SUID/SGID binaries",
"vulnerabilityID": "CVE-2019-3843"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T18:52:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-3844",
"publishedDate": "2019-04-26T21:29:00Z",
"resource": "libudev1",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: services with DynamicUser can get new privileges and create SGID binaries",
"vulnerabilityID": "CVE-2019-3844"
},
{
"fixedVersion": "241-7~deb10u4",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-11-29T16:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-1712",
"publishedDate": "2020-03-31T17:15:00Z",
"resource": "libudev1",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "systemd: use-after-free when asynchronous polkit queries are performed",
"vulnerabilityID": "CVE-2020-1712"
},
{
"fixedVersion": "241-7~deb10u9",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-08-11T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-26604",
"publishedDate": "2023-03-03T16:15:00Z",
"resource": "libudev1",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "privilege escalation via the less pager",
"vulnerabilityID": "CVE-2023-26604"
},
{
"fixedVersion": "241-7~deb10u8",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-06-14T11:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-33910",
"publishedDate": "2021-07-20T19:15:00Z",
"resource": "libudev1",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash",
"vulnerabilityID": "CVE-2021-33910"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-05-03T12:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3997",
"publishedDate": "2022-08-23T20:15:00Z",
"resource": "libudev1",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "Uncontrolled recursion in systemd-tmpfiles when removing files",
"vulnerabilityID": "CVE-2021-3997"
},
{
"fixedVersion": "241-7~deb10u10",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-29T23:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-3821",
"publishedDate": "2022-11-08T22:15:00Z",
"resource": "libudev1",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "buffer overrun in format_timespan() function",
"vulnerabilityID": "CVE-2022-3821"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-02-02T16:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4415",
"publishedDate": "2023-01-11T15:15:00Z",
"resource": "libudev1",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting",
"vulnerabilityID": "CVE-2022-4415"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-31T17:49:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4392",
"publishedDate": "2013-10-28T22:55:00Z",
"resource": "libudev1",
"severity": "LOW",
"target": "",
"title": "TOCTOU race condition when updating file permissions and SELinux security contexts",
"vulnerabilityID": "CVE-2013-4392"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-01-28T21:27:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20386",
"publishedDate": "2020-01-21T06:15:00Z",
"resource": "libudev1",
"score": 2.4,
"severity": "LOW",
"target": "",
"title": "systemd: memory leak in button_open() in login/logind-button.c when udev events are received",
"vulnerabilityID": "CVE-2019-20386"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2022-10-07T02:59:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-13529",
"publishedDate": "2021-05-10T16:15:00Z",
"resource": "libudev1",
"score": 6.1,
"severity": "LOW",
"target": "",
"title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
"vulnerabilityID": "CVE-2020-13529"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31437",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libudev1",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can modify a seale ...",
"vulnerabilityID": "CVE-2023-31437"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31438",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libudev1",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can truncate a sea ...",
"vulnerabilityID": "CVE-2023-31438"
},
{
"fixedVersion": "",
"installedVersion": "241-7~deb10u3",
"lastModifiedDate": "2023-06-23T19:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31439",
"publishedDate": "2023-06-13T17:15:00Z",
"resource": "libudev1",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "An issue was discovered in systemd 253. An attacker can modify the con ...",
"vulnerabilityID": "CVE-2023-31439"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "libuuid1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "libuuid1",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-17T03:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25009",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal",
"vulnerabilityID": "CVE-2018-25009"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-10T17:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25010",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in ApplyFilter()",
"vulnerabilityID": "CVE-2018-25010"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-10T17:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25011",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: heap-based buffer overflow in PutLE16()",
"vulnerabilityID": "CVE-2018-25011"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-28T15:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25012",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in WebPMuxCreateInternal()",
"vulnerabilityID": "CVE-2018-25012"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-09T02:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25013",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in ShiftBytes()",
"vulnerabilityID": "CVE-2018-25013"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-02-09T02:24:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25014",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: use of uninitialized value in ReadSymbol()",
"vulnerabilityID": "CVE-2018-25014"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-01-09T16:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36328",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions",
"vulnerabilityID": "CVE-2020-36328"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-01-09T16:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36329",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c",
"vulnerabilityID": "CVE-2020-36329"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2021-11-30T19:43:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36330",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c",
"vulnerabilityID": "CVE-2020-36330"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-01-09T16:41:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36331",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 9.1,
"severity": "CRITICAL",
"target": "",
"title": "libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c",
"vulnerabilityID": "CVE-2020-36331"
},
{
"fixedVersion": "0.6.1-2+deb10u1",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2022-09-20T19:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36332",
"publishedDate": "2021-05-21T17:15:00Z",
"resource": "libwebp6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libwebp: excessive memory allocation when reading a file",
"vulnerabilityID": "CVE-2020-36332"
},
{
"fixedVersion": "0.6.1-2+deb10u2",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-09-17T09:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-1999",
"publishedDate": "2023-06-20T12:15:00Z",
"resource": "libwebp6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Double-free in libwebp",
"vulnerabilityID": "CVE-2023-1999"
},
{
"fixedVersion": "0.6.1-2+deb10u3",
"installedVersion": "0.6.1-2",
"lastModifiedDate": "2023-10-02T02:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4863",
"publishedDate": "2023-09-12T15:15:00Z",
"resource": "libwebp6",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Heap buffer overflow in WebP Codec",
"vulnerabilityID": "CVE-2023-4863"
},
{
"fixedVersion": "2:1.6.7-1+deb10u2",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2021-09-23T12:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-31535",
"publishedDate": "2021-05-27T13:15:00Z",
"resource": "libx11-6",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "missing request length checks",
"vulnerabilityID": "CVE-2021-31535"
},
{
"fixedVersion": "2:1.6.7-1+deb10u1",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2021-11-04T16:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14363",
"publishedDate": "2020-09-11T18:15:00Z",
"resource": "libx11-6",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "libX11: integer overflow leads to double free in locale handling",
"vulnerabilityID": "CVE-2020-14363"
},
{
"fixedVersion": "2:1.6.7-1+deb10u3",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-07-07T13:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3138",
"publishedDate": "2023-06-28T21:15:00Z",
"resource": "libx11-6",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow",
"vulnerabilityID": "CVE-2023-3138"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-13T13:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43787",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-6",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "integer overflow in XCreateImage() leading to a heap overflow",
"vulnerabilityID": "CVE-2023-43787"
},
{
"fixedVersion": "2:1.6.7-1+deb10u1",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2022-11-29T02:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14344",
"publishedDate": "2020-08-05T14:15:00Z",
"resource": "libx11-6",
"score": 6.7,
"severity": "MEDIUM",
"target": "",
"title": "libX11: Heap overflow in the X input method client",
"vulnerabilityID": "CVE-2020-14344"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-12T19:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43785",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-6",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds memory access in _XkbReadKeySyms()",
"vulnerabilityID": "CVE-2023-43785"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-13T13:26:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43786",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-6",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "stack exhaustion from infinite recursion in PutSubImage()",
"vulnerabilityID": "CVE-2023-43786"
},
{
"fixedVersion": "2:1.6.7-1+deb10u2",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2021-09-23T12:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-31535",
"publishedDate": "2021-05-27T13:15:00Z",
"resource": "libx11-data",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "missing request length checks",
"vulnerabilityID": "CVE-2021-31535"
},
{
"fixedVersion": "2:1.6.7-1+deb10u1",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2021-11-04T16:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14363",
"publishedDate": "2020-09-11T18:15:00Z",
"resource": "libx11-data",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "libX11: integer overflow leads to double free in locale handling",
"vulnerabilityID": "CVE-2020-14363"
},
{
"fixedVersion": "2:1.6.7-1+deb10u3",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-07-07T13:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-3138",
"publishedDate": "2023-06-28T21:15:00Z",
"resource": "libx11-data",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow",
"vulnerabilityID": "CVE-2023-3138"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-13T13:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43787",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-data",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "integer overflow in XCreateImage() leading to a heap overflow",
"vulnerabilityID": "CVE-2023-43787"
},
{
"fixedVersion": "2:1.6.7-1+deb10u1",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2022-11-29T02:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-14344",
"publishedDate": "2020-08-05T14:15:00Z",
"resource": "libx11-data",
"score": 6.7,
"severity": "MEDIUM",
"target": "",
"title": "libX11: Heap overflow in the X input method client",
"vulnerabilityID": "CVE-2020-14344"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-12T19:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43785",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-data",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out-of-bounds memory access in _XkbReadKeySyms()",
"vulnerabilityID": "CVE-2023-43785"
},
{
"fixedVersion": "2:1.6.7-1+deb10u4",
"installedVersion": "2:1.6.7-1",
"lastModifiedDate": "2023-10-13T13:26:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43786",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libx11-data",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "stack exhaustion from infinite recursion in PutSubImage()",
"vulnerabilityID": "CVE-2023-43786"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-04-08T23:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-16932",
"publishedDate": "2017-11-23T21:29:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libxml2: Infinite recursion in parameter entities",
"vulnerabilityID": "CVE-2017-16932"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2021-07-21T11:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19956",
"publishedDate": "2019-12-24T16:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c",
"vulnerabilityID": "CVE-2019-19956"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-07-25T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-20388",
"publishedDate": "2020-01-21T23:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c",
"vulnerabilityID": "CVE-2019-20388"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-07-25T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-7595",
"publishedDate": "2020-01-21T23:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "infinite loop in xmlStringLenDecodeEntities in some end-of-file situations",
"vulnerabilityID": "CVE-2020-7595"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-03-01T15:11:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3516",
"publishedDate": "2021-06-01T14:15:00Z",
"resource": "libxml2",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c",
"vulnerabilityID": "CVE-2021-3516"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-10-05T02:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3517",
"publishedDate": "2021-05-19T14:15:00Z",
"resource": "libxml2",
"score": 8.6,
"severity": "HIGH",
"target": "",
"title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c",
"vulnerabilityID": "CVE-2021-3517"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-10-05T02:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3518",
"publishedDate": "2021-05-18T12:15:00Z",
"resource": "libxml2",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c",
"vulnerabilityID": "CVE-2021-3518"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-10-28T18:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-2309",
"publishedDate": "2022-07-05T10:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "lxml: NULL Pointer Dereference in lxml",
"vulnerabilityID": "CVE-2022-2309"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u3",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-11-02T13:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-23308",
"publishedDate": "2022-02-26T05:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "Use-after-free of ID and IDREF attributes",
"vulnerabilityID": "CVE-2022-23308"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u5",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-01-11T17:29:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40303",
"publishedDate": "2022-11-23T00:15:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "integer overflows with XML_PARSE_HUGE",
"vulnerabilityID": "CVE-2022-40303"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u5",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-08-08T14:22:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-40304",
"publishedDate": "2022-11-23T18:15:00Z",
"resource": "libxml2",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "dict corruption caused by entity reference cycles",
"vulnerabilityID": "CVE-2022-40304"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-12-07T16:39:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-3709",
"publishedDate": "2022-07-28T17:15:00Z",
"resource": "libxml2",
"score": 6.1,
"severity": "MEDIUM",
"target": "",
"title": "Incorrect server side include parsing can lead to XSS",
"vulnerabilityID": "CVE-2016-3709"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-04-08T23:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2016-9318",
"publishedDate": "2016-11-16T00:59:00Z",
"resource": "libxml2",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "libxml2: XML External Entity vulnerability",
"vulnerabilityID": "CVE-2016-9318"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2020-09-10T01:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14567",
"publishedDate": "2018-08-16T20:29:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "libxml2: Infinite loop caused by incorrect error detection during LZMA decompression",
"vulnerabilityID": "CVE-2018-14567"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-02-28T15:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3537",
"publishedDate": "2021-05-14T20:15:00Z",
"resource": "libxml2",
"score": 5.9,
"severity": "MEDIUM",
"target": "",
"title": "NULL pointer dereference when post-validating mixed content parsed in recovery mode",
"vulnerabilityID": "CVE-2021-3537"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-03-01T18:25:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-3541",
"publishedDate": "2021-07-09T17:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms",
"vulnerabilityID": "CVE-2021-3541"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u4",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-01-11T17:33:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29824",
"publishedDate": "2022-05-03T03:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write",
"vulnerabilityID": "CVE-2022-29824"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u6",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-06-01T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-28484",
"publishedDate": "2023-04-24T21:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "NULL dereference in xmlSchemaFixupComplexType",
"vulnerabilityID": "CVE-2023-28484"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u6",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-06-01T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29469",
"publishedDate": "2023-04-24T21:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "Hashing of empty dict strings isn't deterministic",
"vulnerabilityID": "CVE-2023-29469"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-09-06T17:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-39615",
"publishedDate": "2023-08-29T17:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "crafted xml can cause global buffer overflow",
"vulnerabilityID": "CVE-2023-39615"
},
{
"fixedVersion": "",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2023-10-11T18:13:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-45322",
"publishedDate": "2023-10-06T22:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "use-after-free in xmlUnlinkNode() in tree.c",
"vulnerabilityID": "CVE-2023-45322"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2020-09-10T01:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2017-18258",
"publishedDate": "2018-04-08T17:29:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "Unrestricted memory usage in xz_head() function in xzlib.c",
"vulnerabilityID": "CVE-2017-18258"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u1",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2020-09-10T01:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-14404",
"publishedDate": "2018-07-19T13:29:00Z",
"resource": "libxml2",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c",
"vulnerabilityID": "CVE-2018-14404"
},
{
"fixedVersion": "2.9.4+dfsg1-7+deb10u2",
"installedVersion": "2.9.4+dfsg1-7+b3",
"lastModifiedDate": "2022-07-25T18:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-24977",
"publishedDate": "2020-09-04T00:15:00Z",
"resource": "libxml2",
"score": 6.5,
"severity": "LOW",
"target": "",
"title": "libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c",
"vulnerabilityID": "CVE-2020-24977"
},
{
"fixedVersion": "1:3.5.12-1+deb10u1",
"installedVersion": "1:3.5.12-1",
"lastModifiedDate": "2023-10-17T15:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-44617",
"publishedDate": "2023-02-06T23:15:00Z",
"resource": "libxpm4",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libXpm: Runaway loop on width of 0 and enormous height",
"vulnerabilityID": "CVE-2022-44617"
},
{
"fixedVersion": "1:3.5.12-1+deb10u1",
"installedVersion": "1:3.5.12-1",
"lastModifiedDate": "2023-10-17T15:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-46285",
"publishedDate": "2023-02-07T19:15:00Z",
"resource": "libxpm4",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "libXpm: Infinite loop on unclosed comments",
"vulnerabilityID": "CVE-2022-46285"
},
{
"fixedVersion": "1:3.5.12-1+deb10u1",
"installedVersion": "1:3.5.12-1",
"lastModifiedDate": "2023-10-17T15:55:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-4883",
"publishedDate": "2023-02-07T19:15:00Z",
"resource": "libxpm4",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "libXpm: compression commands depend on $PATH",
"vulnerabilityID": "CVE-2022-4883"
},
{
"fixedVersion": "1:3.5.12-1+deb10u2",
"installedVersion": "1:3.5.12-1",
"lastModifiedDate": "2023-10-15T04:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43788",
"publishedDate": "2023-10-10T13:15:00Z",
"resource": "libxpm4",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out of bounds read in XpmCreateXpmImageFromBuffer()",
"vulnerabilityID": "CVE-2023-43788"
},
{
"fixedVersion": "1:3.5.12-1+deb10u2",
"installedVersion": "1:3.5.12-1",
"lastModifiedDate": "2023-10-17T18:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-43789",
"publishedDate": "2023-10-12T12:15:00Z",
"resource": "libxpm4",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "out of bounds read on XPM with corrupted colormap",
"vulnerabilityID": "CVE-2023-43789"
},
{
"fixedVersion": "1.1.32-2.2~deb10u2",
"installedVersion": "1.1.32-2.2~deb10u1",
"lastModifiedDate": "2022-10-27T19:47:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-5815",
"publishedDate": "2019-12-11T01:15:00Z",
"resource": "libxslt1.1",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "chromium-browser: Heap buffer overflow in Blink",
"vulnerabilityID": "CVE-2019-5815"
},
{
"fixedVersion": "1.1.32-2.2~deb10u2",
"installedVersion": "1.1.32-2.2~deb10u1",
"lastModifiedDate": "2022-10-27T20:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-30560",
"publishedDate": "2021-08-03T19:15:00Z",
"resource": "libxslt1.1",
"score": 8.8,
"severity": "HIGH",
"target": "",
"title": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...",
"vulnerabilityID": "CVE-2021-30560"
},
{
"fixedVersion": "",
"installedVersion": "1.1.32-2.2~deb10u1",
"lastModifiedDate": "2017-04-11T19:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2015-9019",
"publishedDate": "2017-04-05T21:59:00Z",
"resource": "libxslt1.1",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "libxslt: math.random() in xslt uses unseeded randomness",
"vulnerabilityID": "CVE-2015-9019"
},
{
"fixedVersion": "1.3.8+dfsg-3+deb10u1",
"installedVersion": "1.3.8+dfsg-3",
"lastModifiedDate": "2021-04-14T15:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-24031",
"publishedDate": "2021-03-04T21:15:00Z",
"resource": "libzstd1",
"score": 5.5,
"severity": "MEDIUM",
"target": "",
"title": "adds read permissions to files while being compressed or uncompressed",
"vulnerabilityID": "CVE-2021-24031"
},
{
"fixedVersion": "1.3.8+dfsg-3+deb10u2",
"installedVersion": "1.3.8+dfsg-3",
"lastModifiedDate": "2021-04-28T20:04:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-24032",
"publishedDate": "2021-03-04T21:15:00Z",
"resource": "libzstd1",
"score": 4.7,
"severity": "MEDIUM",
"target": "",
"title": "Race condition allows attacker to access world-readable destination file",
"vulnerabilityID": "CVE-2021-24032"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4641",
"publishedDate": "",
"resource": "login",
"score": 4.7,
"severity": "MEDIUM",
"target": "",
"title": "possible password leak during passwd(1) change",
"vulnerabilityID": "CVE-2023-4641"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2018-10-15T21:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-5686",
"publishedDate": "2007-10-28T17:08:00Z",
"resource": "login",
"severity": "LOW",
"target": "",
"title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...",
"vulnerabilityID": "CVE-2007-5686"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2023-02-13T00:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4235",
"publishedDate": "2019-12-03T15:15:00Z",
"resource": "login",
"score": 4.7,
"severity": "LOW",
"target": "",
"title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees",
"vulnerabilityID": "CVE-2013-4235"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2019-10-03T00:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-7169",
"publishedDate": "2018-02-15T20:29:00Z",
"resource": "login",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation",
"vulnerabilityID": "CVE-2018-7169"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2020-08-25T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19882",
"publishedDate": "2019-12-18T16:15:00Z",
"resource": "login",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured",
"vulnerabilityID": "CVE-2019-19882"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2023-04-24T18:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29383",
"publishedDate": "2023-04-14T22:15:00Z",
"resource": "login",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "Improper input validation in shadow-utils package utility chfn",
"vulnerabilityID": "CVE-2023-29383"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "mount",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "mount",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "6.1+20181013-2+deb10u3",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2022-11-08T19:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458",
"publishedDate": "2022-04-18T21:15:00Z",
"resource": "ncurses-base",
"score": 7.1,
"severity": "HIGH",
"target": "",
"title": "segfaulting OOB read",
"vulnerabilityID": "CVE-2022-29458"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-09-09T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491",
"publishedDate": "2023-04-14T01:15:00Z",
"resource": "ncurses-base",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Local users can trigger security-relevant memory corruption via malformed data",
"vulnerabilityID": "CVE-2023-29491"
},
{
"fixedVersion": "6.1+20181013-2+deb10u4",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-10-20T21:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189",
"publishedDate": "2023-08-22T19:16:00Z",
"resource": "ncurses-base",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "997",
"vulnerabilityID": "CVE-2020-19189"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-04-27T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537",
"publishedDate": "2021-09-20T16:15:00Z",
"resource": "ncurses-base",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c",
"vulnerabilityID": "CVE-2021-39537"
},
{
"fixedVersion": "6.1+20181013-2+deb10u3",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2022-11-08T19:46:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-29458",
"publishedDate": "2022-04-18T21:15:00Z",
"resource": "ncurses-bin",
"score": 7.1,
"severity": "HIGH",
"target": "",
"title": "segfaulting OOB read",
"vulnerabilityID": "CVE-2022-29458"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-09-09T22:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29491",
"publishedDate": "2023-04-14T01:15:00Z",
"resource": "ncurses-bin",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Local users can trigger security-relevant memory corruption via malformed data",
"vulnerabilityID": "CVE-2023-29491"
},
{
"fixedVersion": "6.1+20181013-2+deb10u4",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-10-20T21:21:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-19189",
"publishedDate": "2023-08-22T19:16:00Z",
"resource": "ncurses-bin",
"score": 6.5,
"severity": "MEDIUM",
"target": "",
"title": "997",
"vulnerabilityID": "CVE-2020-19189"
},
{
"fixedVersion": "",
"installedVersion": "6.1+20181013-2+deb10u2",
"lastModifiedDate": "2023-04-27T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-39537",
"publishedDate": "2021-09-20T16:15:00Z",
"resource": "ncurses-bin",
"score": 8.8,
"severity": "LOW",
"target": "",
"title": "heap-based buffer overflow in _nc_captoinfo() in captoinfo.c",
"vulnerabilityID": "CVE-2021-39537"
},
{
"fixedVersion": "",
"installedVersion": "1.16.1-1~buster",
"lastModifiedDate": "2021-06-03T19:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-36309",
"publishedDate": "2021-04-06T19:15:00Z",
"resource": "nginx",
"score": 5.3,
"severity": "MEDIUM",
"target": "",
"title": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...",
"vulnerabilityID": "CVE-2020-36309"
},
{
"fixedVersion": "",
"installedVersion": "1.16.1-1~buster",
"lastModifiedDate": "2021-11-10T15:51:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2009-4487",
"publishedDate": "2010-01-13T20:30:00Z",
"resource": "nginx",
"severity": "LOW",
"target": "",
"title": "nginx: Absent sanitation of escape sequences in web server log",
"vulnerabilityID": "CVE-2009-4487"
},
{
"fixedVersion": "",
"installedVersion": "1.16.1-1~buster",
"lastModifiedDate": "2021-11-10T15:57:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-0337",
"publishedDate": "2013-10-27T00:55:00Z",
"resource": "nginx",
"severity": "LOW",
"target": "",
"title": "The default configuration of nginx, possibly 1.3.13 and earlier, uses ...",
"vulnerabilityID": "CVE-2013-0337"
},
{
"fixedVersion": "",
"installedVersion": "1.16.1-1~buster",
"lastModifiedDate": "2023-10-20T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-44487",
"publishedDate": "2023-10-10T14:15:00Z",
"resource": "nginx",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"vulnerabilityID": "CVE-2023-44487"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-4641",
"publishedDate": "",
"resource": "passwd",
"score": 4.7,
"severity": "MEDIUM",
"target": "",
"title": "possible password leak during passwd(1) change",
"vulnerabilityID": "CVE-2023-4641"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2018-10-15T21:45:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2007-5686",
"publishedDate": "2007-10-28T17:08:00Z",
"resource": "passwd",
"severity": "LOW",
"target": "",
"title": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...",
"vulnerabilityID": "CVE-2007-5686"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2023-02-13T00:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2013-4235",
"publishedDate": "2019-12-03T15:15:00Z",
"resource": "passwd",
"score": 4.7,
"severity": "LOW",
"target": "",
"title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees",
"vulnerabilityID": "CVE-2013-4235"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2019-10-03T00:03:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-7169",
"publishedDate": "2018-02-15T20:29:00Z",
"resource": "passwd",
"score": 5.3,
"severity": "LOW",
"target": "",
"title": "shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation",
"vulnerabilityID": "CVE-2018-7169"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2020-08-25T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-19882",
"publishedDate": "2019-12-18T16:15:00Z",
"resource": "passwd",
"score": 7.8,
"severity": "LOW",
"target": "",
"title": "shadow-utils: local users can obtain root access because setuid programs are misconfigured",
"vulnerabilityID": "CVE-2019-19882"
},
{
"fixedVersion": "",
"installedVersion": "1:4.5-1.1",
"lastModifiedDate": "2023-04-24T18:05:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-29383",
"publishedDate": "2023-04-14T22:15:00Z",
"resource": "passwd",
"score": 3.3,
"severity": "LOW",
"target": "",
"title": "Improper input validation in shadow-utils package utility chfn",
"vulnerabilityID": "CVE-2023-29383"
},
{
"fixedVersion": "5.28.1-6+deb10u1",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2022-05-12T15:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10543",
"publishedDate": "2020-06-05T14:15:00Z",
"resource": "perl-base",
"score": 8.2,
"severity": "HIGH",
"target": "",
"title": "heap-based buffer overflow in regular expression compiler leads to DoS",
"vulnerabilityID": "CVE-2020-10543"
},
{
"fixedVersion": "5.28.1-6+deb10u1",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2022-05-12T15:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-10878",
"publishedDate": "2020-06-05T14:15:00Z",
"resource": "perl-base",
"score": 8.6,
"severity": "HIGH",
"target": "",
"title": "corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS",
"vulnerabilityID": "CVE-2020-10878"
},
{
"fixedVersion": "5.28.1-6+deb10u1",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2022-05-12T15:00:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-12723",
"publishedDate": "2020-06-05T15:15:00Z",
"resource": "perl-base",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS",
"vulnerabilityID": "CVE-2020-12723"
},
{
"fixedVersion": "",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2022-04-01T13:26:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2020-16156",
"publishedDate": "2021-12-13T18:15:00Z",
"resource": "perl-base",
"score": 7.8,
"severity": "HIGH",
"target": "",
"title": "Bypass of verification of signatures in CHECKSUMS files",
"vulnerabilityID": "CVE-2020-16156"
},
{
"fixedVersion": "",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2023-08-02T15:28:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31484",
"publishedDate": "2023-04-29T00:15:00Z",
"resource": "perl-base",
"score": 8.1,
"severity": "HIGH",
"target": "",
"title": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS",
"vulnerabilityID": "CVE-2023-31484"
},
{
"fixedVersion": "",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2020-02-05T22:10:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2011-4116",
"publishedDate": "2020-01-31T18:15:00Z",
"resource": "perl-base",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "perl: File::Temp insecure temporary file handling",
"vulnerabilityID": "CVE-2011-4116"
},
{
"fixedVersion": "",
"installedVersion": "5.28.1-6",
"lastModifiedDate": "2023-06-21T18:19:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-31486",
"publishedDate": "2023-04-29T00:15:00Z",
"resource": "perl-base",
"score": 8.1,
"severity": "LOW",
"target": "",
"title": "insecure TLS cert default",
"vulnerabilityID": "CVE-2023-31486"
},
{
"fixedVersion": "",
"installedVersion": "1.30+dfsg-6",
"lastModifiedDate": "2021-06-18T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2005-2541",
"publishedDate": "2005-08-10T04:00:00Z",
"resource": "tar",
"score": 7,
"severity": "LOW",
"target": "",
"title": "tar: does not properly warn the user when extracting setuid or setgid files",
"vulnerabilityID": "CVE-2005-2541"
},
{
"fixedVersion": "",
"installedVersion": "1.30+dfsg-6",
"lastModifiedDate": "2021-06-29T15:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2019-9923",
"publishedDate": "2019-03-22T08:29:00Z",
"resource": "tar",
"score": 7.5,
"severity": "LOW",
"target": "",
"title": "tar: null-pointer dereference in pax_decode_header in sparse.c",
"vulnerabilityID": "CVE-2019-9923"
},
{
"fixedVersion": "",
"installedVersion": "1.30+dfsg-6",
"lastModifiedDate": "2021-06-03T18:53:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-20193",
"publishedDate": "2021-03-26T17:15:00Z",
"resource": "tar",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "tar: Memory leak in read_header() in list.c",
"vulnerabilityID": "CVE-2021-20193"
},
{
"fixedVersion": "",
"installedVersion": "1.30+dfsg-6",
"lastModifiedDate": "2023-05-30T17:16:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-48303",
"publishedDate": "2023-01-30T04:15:00Z",
"resource": "tar",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "heap buffer overflow at from_header() in list.c via specially crafted checksum",
"vulnerabilityID": "CVE-2022-48303"
},
{
"fixedVersion": "2021a-0+deb10u7",
"installedVersion": "2019c-0+deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "tzdata",
"severity": "UNKNOWN",
"target": "",
"title": "tzdata - new timezone database",
"vulnerabilityID": "DLA-3134-1"
},
{
"fixedVersion": "2021a-0+deb10u8",
"installedVersion": "2019c-0+deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "tzdata",
"severity": "UNKNOWN",
"target": "",
"title": "tzdata - new timezone database",
"vulnerabilityID": "DLA-3161-1"
},
{
"fixedVersion": "2021a-0+deb10u10",
"installedVersion": "2019c-0+deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "tzdata",
"severity": "UNKNOWN",
"target": "",
"title": "tzdata - new timezone database",
"vulnerabilityID": "DLA-3366-1"
},
{
"fixedVersion": "2021a-0+deb10u11",
"installedVersion": "2019c-0+deb10u1",
"lastModifiedDate": "",
"links": [],
"publishedDate": "",
"resource": "tzdata",
"severity": "UNKNOWN",
"target": "",
"title": "tzdata - new timezone database",
"vulnerabilityID": "DLA-3412-1"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2021-10-18T12:18:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2021-37600",
"publishedDate": "2021-07-30T14:15:00Z",
"resource": "util-linux",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils.c",
"vulnerabilityID": "CVE-2021-37600"
},
{
"fixedVersion": "",
"installedVersion": "2.33.1-0.1",
"lastModifiedDate": "2022-06-03T14:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-0563",
"publishedDate": "2022-02-21T19:15:00Z",
"resource": "util-linux",
"score": 5.5,
"severity": "LOW",
"target": "",
"title": "partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline",
"vulnerabilityID": "CVE-2022-0563"
},
{
"fixedVersion": "1:1.2.11.dfsg-1+deb10u2",
"installedVersion": "1:1.2.11.dfsg-1",
"lastModifiedDate": "2023-07-19T00:56:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2022-37434",
"publishedDate": "2022-08-05T07:15:00Z",
"resource": "zlib1g",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field",
"vulnerabilityID": "CVE-2022-37434"
},
{
"fixedVersion": "",
"installedVersion": "1:1.2.11.dfsg-1",
"lastModifiedDate": "2023-10-20T21:15:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2023-45853",
"publishedDate": "2023-10-14T02:15:00Z",
"resource": "zlib1g",
"score": 9.8,
"severity": "CRITICAL",
"target": "",
"title": "integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6",
"vulnerabilityID": "CVE-2023-45853"
},
{
"fixedVersion": "1:1.2.11.dfsg-1+deb10u1",
"installedVersion": "1:1.2.11.dfsg-1",
"lastModifiedDate": "2023-08-04T18:48:00Z",
"links": [],
"primaryLink": "https://avd.aquasec.com/nvd/cve-2018-25032",
"publishedDate": "2022-03-25T09:15:00Z",
"resource": "zlib1g",
"score": 7.5,
"severity": "HIGH",
"target": "",
"title": "A flaw found in zlib when compressing (not decompressing) certain inputs",
"vulnerabilityID": "CVE-2018-25032"
}
]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment