gitimages.expertflow.com/cim/realtime-reports-manager:4.4 (ubuntu 20.04) ======================================================================== Total: 378 (UNKNOWN: 0, LOW: 142, MEDIUM: 228, HIGH: 8, CRITICAL: 0) +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | 5.0-6ubuntu1.2 | bash: when effective UID is not | | | | | | | equal to its real UID the... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | bsdutils | CVE-2021-3995 | MEDIUM | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | ca-certificates | CVE-2022-23491 | | 20210119~20.04.2 | 20211016ubuntu0.20.04.1 | python-certifi: untrusted | | | | | | | root certificates | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23491 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | coreutils: Non-privileged | | | | | | | session can escape to the | | | | | | | parent session in chroot | | | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | curl | CVE-2022-22576 | MEDIUM | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 | curl: OAUTH2 bearer bypass | | | | | | | in connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22576 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-27774 | | | | curl: credential leak on redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27774 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-27782 | | | 7.68.0-1ubuntu2.11 | curl: TLS and SSH | | | | | | | connection too eager reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27782 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-32206 | | | 7.68.0-1ubuntu2.12 | curl: HTTP compression | | | | | | | denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32206 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-32208 | | | | curl: FTP-KRB bad | | | | | | | message verification | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32208 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-32221 | | | 7.68.0-1ubuntu2.14 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-43552 | | | 7.68.0-1ubuntu2.15 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-23916 | | | 7.68.0-1ubuntu2.16 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-27535 | | | 7.68.0-1ubuntu2.18 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-46218 | | | 7.68.0-1ubuntu2.21 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-2398 | | | 7.68.0-1ubuntu2.22 | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-27775 | LOW | | 7.68.0-1ubuntu2.10 | curl: bad local IPv6 connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27775 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-27776 | | | | curl: auth/cookie leak on redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27776 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-27781 | | | 7.68.0-1ubuntu2.11 | curl: CERTINFO never-ending busy-loop | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27781 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-35252 | | | 7.68.0-1ubuntu2.13 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-27533 | | | 7.68.0-1ubuntu2.18 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-28321 | | | 7.68.0-1ubuntu2.19 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-28322 | | | | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-38546 | | | 7.68.0-1ubuntu2.20 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | dpkg | CVE-2022-1664 | MEDIUM | 1.19.7ubuntu3 | 1.19.7ubuntu3.2 | Dpkg::Source::Archive in | | | | | | | dpkg, the Debian package | | | | | | | management system, b ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1664 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | e2fsprogs | CVE-2022-1304 | | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | fdisk | CVE-2021-3995 | | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | gpgv | CVE-2022-34903 | | 2.2.19-3ubuntu2.1 | 2.2.19-3ubuntu2.2 | gpg: Signature spoofing | | | | | | | via status line injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-34903 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-3219 | LOW | | | gnupg: denial of service | | | | | | | issue (resource consumption) | | | | | | | using compressed packets | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3219 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | gzip | CVE-2022-1271 | MEDIUM | 1.10-0ubuntu4 | 1.10-0ubuntu4.1 | gzip: arbitrary-file-write | | | | | | | vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1271 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libasn1-8-heimdal | CVE-2021-44758 | | 7.7.0+dfsg-1ubuntu1 | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libblkid1 | CVE-2021-3995 | MEDIUM | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libc-bin | CVE-2021-3999 | | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-2961 | | | 2.31-0ubuntu9.15 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2016-10228 | LOW | | 2.31-0ubuntu9.7 | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2016-20013 | | | | sha256crypt and sha512crypt | | | | | | | through 0.6 allow attackers | | | | | | | to cause a denial of... | | | | | | | -->avd.aquasec.com/nvd/cve-2016-20013 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2019-25013 | | | 2.31-0ubuntu9.7 | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-29562 | | | | glibc: assertion failure in iconv | | | | | | | when converting invalid UCS4 | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-27645 | | | | glibc: Use-after-free in | | | | | | | addgetnetgrentX function | | | | | | | in netgroupcache.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23218 | | | | glibc: Stack-based buffer overflow | | | | | | | in svcunix_create via long pathnames | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23218 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23219 | | | | glibc: Stack-based buffer | | | | | | | overflow in sunrpc clnt_create | | | | | | | via a long pathname | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23219 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-4806 | | | 2.31-0ubuntu9.14 | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libc6 | CVE-2021-3999 | MEDIUM | | 2.31-0ubuntu9.7 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-2961 | | | 2.31-0ubuntu9.15 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2016-10228 | LOW | | 2.31-0ubuntu9.7 | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2016-20013 | | | | sha256crypt and sha512crypt | | | | | | | through 0.6 allow attackers | | | | | | | to cause a denial of... | | | | | | | -->avd.aquasec.com/nvd/cve-2016-20013 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2019-25013 | | | 2.31-0ubuntu9.7 | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-29562 | | | | glibc: assertion failure in iconv | | | | | | | when converting invalid UCS4 | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-27645 | | | | glibc: Use-after-free in | | | | | | | addgetnetgrentX function | | | | | | | in netgroupcache.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23218 | | | | glibc: Stack-based buffer overflow | | | | | | | in svcunix_create via long pathnames | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23218 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23219 | | | | glibc: Stack-based buffer | | | | | | | overflow in sunrpc clnt_create | | | | | | | via a long pathname | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23219 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-4806 | | | 2.31-0ubuntu9.14 | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libcom-err2 | CVE-2022-1304 | MEDIUM | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libcurl4 | CVE-2022-22576 | | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 | curl: OAUTH2 bearer bypass | | | | | | | in connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22576 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-27774 | | | | curl: credential leak on redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27774 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-27782 | | | 7.68.0-1ubuntu2.11 | curl: TLS and SSH | | | | | | | connection too eager reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27782 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-32206 | | | 7.68.0-1ubuntu2.12 | curl: HTTP compression | | | | | | | denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32206 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-32208 | | | | curl: FTP-KRB bad | | | | | | | message verification | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32208 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-32221 | | | 7.68.0-1ubuntu2.14 | curl: POST following PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-32221 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-43552 | | | 7.68.0-1ubuntu2.15 | curl: Use-after-free triggered | | | | | | | by an HTTP proxy deny response | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43552 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-23916 | | | 7.68.0-1ubuntu2.16 | curl: HTTP multi-header | | | | | | | compression denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-23916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-27535 | | | 7.68.0-1ubuntu2.18 | curl: FTP too eager connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27535 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-46218 | | | 7.68.0-1ubuntu2.21 | curl: information disclosure | | | | | | | by exploiting a mixed case flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46218 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-2398 | | | 7.68.0-1ubuntu2.22 | curl: HTTP/2 push | | | | | | | headers memory-leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2398 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-27775 | LOW | | 7.68.0-1ubuntu2.10 | curl: bad local IPv6 connection reuse | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27775 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-27776 | | | | curl: auth/cookie leak on redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27776 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-27781 | | | 7.68.0-1ubuntu2.11 | curl: CERTINFO never-ending busy-loop | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27781 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-35252 | | | 7.68.0-1ubuntu2.13 | curl: Incorrect handling of | | | | | | | control code characters in cookies | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35252 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-27533 | | | 7.68.0-1ubuntu2.18 | curl: TELNET option IAC injection | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27533 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27534 | | | | curl: SFTP path ~ | | | | | | | resolving discrepancy | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27534 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27536 | | | | curl: GSS delegation too | | | | | | | eager connection re-use | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27536 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-27538 | | | | curl: SSH connection | | | | | | | too eager reuse still | | | | | | | -->avd.aquasec.com/nvd/cve-2023-27538 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-28321 | | | 7.68.0-1ubuntu2.19 | curl: IDN wildcard match may lead | | | | | | | to Improper Cerificate Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28321 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-28322 | | | | curl: more POST-after-PUT confusion | | | | | | | -->avd.aquasec.com/nvd/cve-2023-28322 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-38546 | | | 7.68.0-1ubuntu2.20 | curl: cookie injection with none file | | | | | | | -->avd.aquasec.com/nvd/cve-2023-38546 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libexpat1 | CVE-2022-25235 | HIGH | 2.2.9-1build1 | 2.2.9-1ubuntu0.2 | expat: Malformed 2- and | | | | | | | 3-byte UTF-8 sequences can | | | | | | | lead to arbitrary code... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25235 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-25236 | | | | expat: Namespace-separator characters | | | | | | | in "xmlns[:prefix]" attribute | | | | | | | values can lead to arbitrary code... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25236 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-46143 | MEDIUM | | | expat: Integer overflow | | | | | | | in doProlog in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46143 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22822 | | | | expat: Integer overflow in | | | | | | | addBinding in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22822 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22823 | | | | expat: Integer overflow in | | | | | | | build_model in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22823 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22824 | | | | expat: Integer overflow in | | | | | | | defineAttribute in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22824 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22825 | | | | expat: Integer overflow | | | | | | | in lookup in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22825 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22826 | | | | expat: Integer overflow in | | | | | | | nextScaffoldPart in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22826 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-22827 | | | | expat: Integer overflow | | | | | | | in storeAtts in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22827 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23852 | | | | expat: Integer overflow | | | | | | | in function XML_GetBuffer | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23852 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23990 | | | | expat: integer overflow | | | | | | | in the doProlog function | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23990 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-25313 | | | 2.2.9-1ubuntu0.4 | expat: Stack exhaustion | | | | | | | in doctype parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25313 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-25314 | | | | expat: Integer overflow | | | | | | | in copyString() | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25314 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-25315 | | | | expat: Integer overflow | | | | | | | in storeRawNames() | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25315 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-40674 | | | 2.2.9-1ubuntu0.5 | expat: a use-after-free in the | | | | | | | doContent function in xmlparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-40674 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-43680 | | | 2.2.9-1ubuntu0.6 | expat: use-after free caused | | | | | | | by overeager destruction | | | | | | | of a shared DTD in... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-43680 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-45960 | LOW | | 2.2.9-1ubuntu0.2 | expat: Large number of prefixed XML | | | | | | | attributes on a single tag can... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-45960 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libext2fs2 | CVE-2022-1304 | MEDIUM | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libfdisk1 | CVE-2021-3995 | | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libfreetype6 | CVE-2022-27404 | | 2.10.1-2ubuntu0.1 | 2.10.1-2ubuntu0.2 | FreeType: Buffer overflow | | | | | | | in sfnt_init_face | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27404 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-31782 | | | | ftbench.c in FreeType Demo | | | | | | | Programs through 2.12.1 | | | | | | | has a heap-based bu ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-31782 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2022-27405 | LOW | | | FreeType: Segmentation | | | | | | | violation via FNT_Size_Request | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27405 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-27406 | | | | Freetype: Segmentation | | | | | | | violation via FT_Request_Size | | | | | | | -->avd.aquasec.com/nvd/cve-2022-27406 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libgcrypt20 | CVE-2024-2236 | MEDIUM | 1.8.5-5ubuntu1.1 | | libgcrypt: vulnerable | | | | | | | to Marvin Attack | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2236 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libgmp10 | CVE-2021-43618 | LOW | 2:6.2.0+dfsg-4 | 2:6.2.0+dfsg-4ubuntu0.1 | gmp: Integer overflow and resultant | | | | | | | buffer overflow via crafted input | | | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libgnutls30 | CVE-2022-2509 | MEDIUM | 3.6.13-2ubuntu1.6 | 3.6.13-2ubuntu1.7 | gnutls: Double free | | | | | | | during gnutls_pkcs7_verify | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2509 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-0361 | | | 3.6.13-2ubuntu1.8 | gnutls: timing side-channel in | | | | | | | the TLS RSA key exchange code | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0361 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-5981 | | | 3.6.13-2ubuntu1.9 | gnutls: timing side-channel | | | | | | | in the RSA-PSK authentication | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5981 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-0553 | | | 3.6.13-2ubuntu1.10 | gnutls: incomplete | | | | | | | fix for CVE-2023-5981 | | | | | | | -->avd.aquasec.com/nvd/cve-2024-0553 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28834 | | | 3.6.13-2ubuntu1.11 | gnutls: vulnerable to Minerva | | | | | | | side-channel information leak | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28834 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-4209 | LOW | | 3.6.13-2ubuntu1.7 | GnuTLS: Null pointer | | | | | | | dereference in MD_UPDATE | | | | | | | -->avd.aquasec.com/nvd/cve-2021-4209 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | 1.17-6ubuntu4.3 | krb5: Sending a request containing | | | | | | | PA-ENCRYPTED-CHALLENGE padata | | | | | | | element without using FAST could... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-37750 | | | | krb5: NULL pointer dereference | | | | | | | in process_tgs_req() in | | | | | | | kdc/do_tgs_req.c via a FAST inner... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37750 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 1.17-6ubuntu4.2 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-36054 | | | 1.17-6ubuntu4.4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libgssapi3-heimdal | CVE-2021-44758 | | 7.7.0+dfsg-1ubuntu1 | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libhcrypto4-heimdal | CVE-2021-44758 | MEDIUM | | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libheimbase1-heimdal | CVE-2021-44758 | MEDIUM | | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libheimntlm0-heimdal | CVE-2021-44758 | MEDIUM | | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libhx509-5-heimdal | CVE-2021-44758 | MEDIUM | | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | 1.17-6ubuntu4.3 | krb5: Sending a request containing | | | | | | | PA-ENCRYPTED-CHALLENGE padata | | | | | | | element without using FAST could... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-37750 | | | | krb5: NULL pointer dereference | | | | | | | in process_tgs_req() in | | | | | | | kdc/do_tgs_req.c via a FAST inner... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37750 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 1.17-6ubuntu4.2 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-36054 | | | 1.17-6ubuntu4.4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libkrb5-26-heimdal | CVE-2021-44758 | | 7.7.0+dfsg-1ubuntu1 | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | 1.17-6ubuntu4.3 | krb5: Sending a request containing | | | | | | | PA-ENCRYPTED-CHALLENGE padata | | | | | | | element without using FAST could... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-37750 | | | | krb5: NULL pointer dereference | | | | | | | in process_tgs_req() in | | | | | | | kdc/do_tgs_req.c via a FAST inner... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37750 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 1.17-6ubuntu4.2 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-36054 | | | 1.17-6ubuntu4.4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | +----------------------+------------------+ + +----------------------------+---------------------------------------+ | libkrb5support0 | CVE-2021-36222 | | | 1.17-6ubuntu4.3 | krb5: Sending a request containing | | | | | | | PA-ENCRYPTED-CHALLENGE padata | | | | | | | element without using FAST could... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-37750 | | | | krb5: NULL pointer dereference | | | | | | | in process_tgs_req() in | | | | | | | kdc/do_tgs_req.c via a FAST inner... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37750 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 1.17-6ubuntu4.2 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-36054 | | | 1.17-6ubuntu4.4 | krb5: Denial of service through | | | | | | | freeing uninitialized pointer | | | | | | | -->avd.aquasec.com/nvd/cve-2023-36054 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26458 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/rpc/pmap_rmt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26461 | | | | krb5: Memory leak at | | | | | | | /krb5/src/lib/gssapi/krb5/k5sealv3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26461 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-26462 | | | | krb5: Memory leak at | | | | | | | /krb5/src/kdc/ndr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2024-26462 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libldap-2.4-2 | CVE-2022-29155 | | 2.4.49+dfsg-2ubuntu1.8 | 2.4.49+dfsg-2ubuntu1.9 | openldap: OpenLDAP SQL injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29155 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-2953 | LOW | | 2.4.49+dfsg-2ubuntu1.10 | openldap: null pointer dereference | | | | | | | in ber_memalloc_x function | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2953 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libldap-common | CVE-2022-29155 | MEDIUM | | 2.4.49+dfsg-2ubuntu1.9 | openldap: OpenLDAP SQL injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29155 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-2953 | LOW | | 2.4.49+dfsg-2ubuntu1.10 | openldap: null pointer dereference | | | | | | | in ber_memalloc_x function | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2953 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | liblzma5 | CVE-2020-22916 | MEDIUM | 5.2.4-1ubuntu1 | | Denial of service via | | | | | | | decompression of crafted file | | | | | | | -->avd.aquasec.com/nvd/cve-2020-22916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-1271 | | | 5.2.4-1ubuntu1.1 | gzip: arbitrary-file-write | | | | | | | vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1271 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libmount1 | CVE-2021-3995 | | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libncurses6 | CVE-2023-29491 | | 6.2-0ubuntu2 | 6.2-0ubuntu2.1 | ncurses: Local users can | | | | | | | trigger security-relevant memory | | | | | | | corruption via malformed data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29491 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-39537 | LOW | | | ncurses: heap-based buffer overflow | | | | | | | in _nc_captoinfo() in captoinfo.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-29458 | | | | ncurses: segfaulting OOB read | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-45918 | | | | ncurses 6.4-20230610 has | | | | | | | a NULL pointer dereference | | | | | | | in tgetstr in tinf ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45918 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-50495 | | | | ncurses: segmentation | | | | | | | fault via _nc_wrap_entry() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-50495 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libncursesw6 | CVE-2023-29491 | MEDIUM | | 6.2-0ubuntu2.1 | ncurses: Local users can | | | | | | | trigger security-relevant memory | | | | | | | corruption via malformed data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29491 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-39537 | LOW | | | ncurses: heap-based buffer overflow | | | | | | | in _nc_captoinfo() in captoinfo.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-29458 | | | | ncurses: segfaulting OOB read | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-45918 | | | | ncurses 6.4-20230610 has | | | | | | | a NULL pointer dereference | | | | | | | in tgetstr in tinf ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45918 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-50495 | | | | ncurses: segmentation | | | | | | | fault via _nc_wrap_entry() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-50495 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libnghttp2-14 | CVE-2020-11080 | MEDIUM | 1.40.0-1build1 | 1.40.0-1ubuntu0.1 | nghttp2: overly large SETTINGS | | | | | | | frames can lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-44487 | | | 1.40.0-1ubuntu0.2 | HTTP/2: Multiple HTTP/2 | | | | | | | enabled web servers are | | | | | | | vulnerable to a DDoS attack... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-44487 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libpam-modules | CVE-2024-22365 | | 1.3.1-5ubuntu4.2 | 1.3.1-5ubuntu4.7 | pam: allowing unprivileged user | | | | | | | to block another user namespace | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22365 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-28321 | LOW | | 1.3.1-5ubuntu4.4 | pam: authentication | | | | | | | bypass for SSH logins | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28321 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libpam-modules-bin | CVE-2024-22365 | MEDIUM | | 1.3.1-5ubuntu4.7 | pam: allowing unprivileged user | | | | | | | to block another user namespace | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22365 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-28321 | LOW | | 1.3.1-5ubuntu4.4 | pam: authentication | | | | | | | bypass for SSH logins | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28321 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libpam-runtime | CVE-2024-22365 | MEDIUM | | 1.3.1-5ubuntu4.7 | pam: allowing unprivileged user | | | | | | | to block another user namespace | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22365 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-28321 | LOW | | 1.3.1-5ubuntu4.4 | pam: authentication | | | | | | | bypass for SSH logins | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28321 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | libpam0g | CVE-2024-22365 | MEDIUM | | 1.3.1-5ubuntu4.7 | pam: allowing unprivileged user | | | | | | | to block another user namespace | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22365 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-28321 | LOW | | 1.3.1-5ubuntu4.4 | pam: authentication | | | | | | | bypass for SSH logins | | | | | | | -->avd.aquasec.com/nvd/cve-2022-28321 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libpcre2-8-0 | CVE-2022-1586 | | 10.34-7 | 10.34-7ubuntu0.1 | pcre2: Out-of-bounds read in | | | | | | | compile_xclass_matchingpath | | | | | | | in pcre2_jit_compile.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1586 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-1587 | | | | pcre2: Out-of-bounds read | | | | | | | in get_recurse_data_length | | | | | | | in pcre2_jit_compile.c | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1587 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libpcre3 | CVE-2017-11164 | | 2:8.39-12build1 | | pcre: OP_KETRMAX feature in the | | | | | | | match function in pcre_exec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2019-20838 | | | 2:8.39-12ubuntu0.1 | pcre: Buffer over-read in JIT | | | | | | | when UTF is disabled and \X or... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-14155 | | | | pcre: Integer overflow when | | | | | | | parsing callout numeric arguments | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libpng16-16 | CVE-2022-3857 | | 1.6.37-2 | | libpng: Null pointer dereference | | | | | | | leads to segmentation fault | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3857 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libprocps8 | CVE-2023-4016 | | 2:3.3.16-1ubuntu2.3 | 2:3.3.16-1ubuntu2.4 | procps: ps buffer overflow | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4016 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libroken18-heimdal | CVE-2021-44758 | MEDIUM | 7.7.0+dfsg-1ubuntu1 | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-2 | 2.1.27+dfsg-2ubuntu0.1 | cyrus-sasl: failure to properly | | | | | | | escape SQL input allows | | | | | | | an attacker to execute... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-24407 | +----------------------+ + + + + + | libsasl2-modules-db | | | | | | | | | | | | | | | | | | | | | | | | | | | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libsepol1 | CVE-2021-36084 | LOW | 3.0-1 | 3.0-1ubuntu0.1 | libsepol: use-after-free in | | | | | | | __cil_verify_classperms() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-36085 | | | | libsepol: use-after-free in | | | | | | | __cil_verify_classperms() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-36086 | | | | libsepol: use-after-free in | | | | | | | cil_reset_classpermission() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-36087 | | | | libsepol: heap-based buffer | | | | | | | overflow in ebitmap_match_any() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libsmartcols1 | CVE-2021-3995 | MEDIUM | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libsqlite3-0 | CVE-2020-35525 | | 3.31.1-4ubuntu0.2 | 3.31.1-4ubuntu0.4 | sqlite: Null pointer | | | | | | | derreference in src/select.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35525 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-35527 | | | | sqlite: Out of bounds | | | | | | | access during table rename | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35527 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-35737 | | | 3.31.1-4ubuntu0.5 | sqlite: an array-bounds overflow if | | | | | | | billions of bytes are used in a... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-35737 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-7104 | | | 3.31.1-4ubuntu0.6 | sqlite: heap-buffer-overflow | | | | | | | at sessionfuzz | | | | | | | -->avd.aquasec.com/nvd/cve-2023-7104 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-36690 | LOW | | 3.31.1-4ubuntu0.3 | A segmentation fault can occur in the | | | | | | | sqlite3.exe command-line compone ... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libss2 | CVE-2022-1304 | MEDIUM | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libssh-4 | CVE-2023-1667 | | 0.9.3-2ubuntu2.2 | 0.9.3-2ubuntu2.3 | libssh: NULL pointer | | | | | | | dereference during rekeying | | | | | | | with algorithm guessing | | | | | | | -->avd.aquasec.com/nvd/cve-2023-1667 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-2283 | | | | libssh: authorization bypass | | | | | | | in pki_verify_data_signature | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2283 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-48795 | | | 0.9.3-2ubuntu2.4 | ssh: Prefix truncation attack | | | | | | | on Binary Packet Protocol (BPP) | | | | | | | -->avd.aquasec.com/nvd/cve-2023-48795 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-6004 | | | 0.9.3-2ubuntu2.5 | libssh: ProxyCommand/ProxyJump | | | | | | | features allow injection of | | | | | | | malicious code through hostname | | | | | | | -->avd.aquasec.com/nvd/cve-2023-6004 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-6918 | | | | libssh: Missing checks for | | | | | | | return values for digests | | | | | | | -->avd.aquasec.com/nvd/cve-2023-6918 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.12 | openssl: Infinite loop in | | | | | | | BN_mod_sqrt() reachable | | | | | | | when parsing certificates | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0778 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-0286 | | | 1.1.1f-1ubuntu2.17 | openssl: X.400 address type | | | | | | | confusion in X.509 GeneralName | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0286 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-1292 | MEDIUM | | 1.1.1f-1ubuntu2.13 | openssl: c_rehash script | | | | | | | allows command injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1292 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-2068 | | | 1.1.1f-1ubuntu2.15 | openssl: the c_rehash script | | | | | | | allows command injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2068 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-2097 | | | 1.1.1f-1ubuntu2.16 | openssl: AES OCB fails | | | | | | | to encrypt some bytes | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2097 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-4304 | | | 1.1.1f-1ubuntu2.17 | openssl: timing attack in | | | | | | | RSA Decryption implementation | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4304 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-4450 | | | | openssl: double free after | | | | | | | calling PEM_read_bio_ex | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4450 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0215 | | | | openssl: use-after-free | | | | | | | following BIO_new_NDEF | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0215 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-2650 | | | 1.1.1f-1ubuntu2.19 | openssl: Possible DoS translating | | | | | | | ASN.1 object identifiers | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2650 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-0464 | LOW | | 1.1.1f-1ubuntu2.18 | openssl: Denial of service | | | | | | | by excessive resource usage | | | | | | | in verifying X509 policy... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0464 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0465 | | | | openssl: Invalid certificate | | | | | | | policies in leaf certificates | | | | | | | are silently ignored | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0465 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0466 | | | | openssl: Certificate | | | | | | | policy check not enabled | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0466 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-3446 | | | 1.1.1f-1ubuntu2.20 | openssl: Excessive time spent | | | | | | | checking DH keys and parameters | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3446 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-3817 | | | | OpenSSL: Excessive time spent | | | | | | | checking DH q parameter value | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3817 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-5678 | | | 1.1.1f-1ubuntu2.21 | openssl: Generating excessively | | | | | | | long X9.42 DH keys or checking | | | | | | | excessively long X9.42... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5678 | + +------------------+ + + +---------------------------------------+ | | CVE-2024-0727 | | | | openssl: denial of service | | | | | | | via null dereference | | | | | | | -->avd.aquasec.com/nvd/cve-2024-0727 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libsystemd0 | CVE-2021-3997 | MEDIUM | 245.4-4ubuntu3.13 | 245.4-4ubuntu3.15 | systemd: Uncontrolled recursion in | | | | | | | systemd-tmpfiles when removing files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3997 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3821 | | | 245.4-4ubuntu3.20 | systemd: buffer overrun in | | | | | | | format_timespan() function | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3821 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-4415 | | | | systemd: local information leak due | | | | | | | to systemd-coredump not respecting | | | | | | | fs.suid_dumpable kernel setting... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4415 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-26604 | LOW | | | systemd: privilege | | | | | | | escalation via the less pager | | | | | | | -->avd.aquasec.com/nvd/cve-2023-26604 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-7008 | | | | systemd-resolved: Unsigned | | | | | | | name response in signed zone is | | | | | | | not refused when DNSSEC=yes... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-7008 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libtinfo6 | CVE-2023-29491 | MEDIUM | 6.2-0ubuntu2 | 6.2-0ubuntu2.1 | ncurses: Local users can | | | | | | | trigger security-relevant memory | | | | | | | corruption via malformed data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29491 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-39537 | LOW | | | ncurses: heap-based buffer overflow | | | | | | | in _nc_captoinfo() in captoinfo.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-29458 | | | | ncurses: segfaulting OOB read | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-45918 | | | | ncurses 6.4-20230610 has | | | | | | | a NULL pointer dereference | | | | | | | in tgetstr in tinf ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45918 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-50495 | | | | ncurses: segmentation | | | | | | | fault via _nc_wrap_entry() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-50495 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libudev1 | CVE-2021-3997 | MEDIUM | 245.4-4ubuntu3.13 | 245.4-4ubuntu3.15 | systemd: Uncontrolled recursion in | | | | | | | systemd-tmpfiles when removing files | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3997 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3821 | | | 245.4-4ubuntu3.20 | systemd: buffer overrun in | | | | | | | format_timespan() function | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3821 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-4415 | | | | systemd: local information leak due | | | | | | | to systemd-coredump not respecting | | | | | | | fs.suid_dumpable kernel setting... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4415 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-26604 | LOW | | | systemd: privilege | | | | | | | escalation via the less pager | | | | | | | -->avd.aquasec.com/nvd/cve-2023-26604 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-7008 | | | | systemd-resolved: Unsigned | | | | | | | name response in signed zone is | | | | | | | not refused when DNSSEC=yes... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-7008 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | libuuid1 | CVE-2021-3995 | MEDIUM | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | libwind0-heimdal | CVE-2021-44758 | | 7.7.0+dfsg-1ubuntu1 | 7.7.0+dfsg-1ubuntu1.3 | Heimdal before 7.7.1 allows | | | | | | | attackers to cause a NULL | | | | | | | pointer derefere ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-44758 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3116 | | | 7.7.0+dfsg-1ubuntu1.1 | The Heimdal Software Kerberos | | | | | | | 5 implementation is vulnerable | | | | | | | to a null pointer... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3116 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-3437 | | | 7.7.0+dfsg-1ubuntu1.3 | samba: heap buffer overflow | | | | | | | in GSSAPI unwrap_des() and | | | | | | | unwrap_des3() routines of Heimdal... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-3437 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-41916 | | | 7.7.0+dfsg-1ubuntu1.2 | Heimdal is an implementation | | | | | | | of ASN.1/DER, PKIX, and | | | | | | | Kerberos. Version ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41916 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-42898 | | | 7.7.0+dfsg-1ubuntu1.3 | krb5: integer overflow | | | | | | | vulnerabilities in PAC parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42898 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-44640 | | | | Heimdal before 7.7.1 | | | | | | | allows remote attackers to | | | | | | | execute arbitrary code ... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-44640 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-45142 | | | 7.7.0+dfsg-1ubuntu1.4 | samba: CVE-2022-3437 fix | | | | | | | introduced a logic inversion | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45142 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-3671 | LOW | | 7.7.0+dfsg-1ubuntu1.1 | samba: Null pointer dereference | | | | | | | on missing sname in TGS-REQ | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | locales | CVE-2021-3999 | MEDIUM | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 | glibc: Off-by-one buffer | | | | | | | overflow/underflow in getcwd() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3999 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-2961 | | | 2.31-0ubuntu9.15 | glibc: Out of bounds write in | | | | | | | iconv may lead to remote code... | | | | | | | -->avd.aquasec.com/nvd/cve-2024-2961 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2016-10228 | LOW | | 2.31-0ubuntu9.7 | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2016-20013 | | | | sha256crypt and sha512crypt | | | | | | | through 0.6 allow attackers | | | | | | | to cause a denial of... | | | | | | | -->avd.aquasec.com/nvd/cve-2016-20013 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2019-25013 | | | 2.31-0ubuntu9.7 | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-29562 | | | | glibc: assertion failure in iconv | | | | | | | when converting invalid UCS4 | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | + +------------------+ + + +---------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-27645 | | | | glibc: Use-after-free in | | | | | | | addgetnetgrentX function | | | | | | | in netgroupcache.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23218 | | | | glibc: Stack-based buffer overflow | | | | | | | in svcunix_create via long pathnames | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23218 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-23219 | | | | glibc: Stack-based buffer | | | | | | | overflow in sunrpc clnt_create | | | | | | | via a long pathname | | | | | | | -->avd.aquasec.com/nvd/cve-2022-23219 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-4806 | | | 2.31-0ubuntu9.14 | glibc: potential | | | | | | | use-after-free in getaddrinfo() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4806 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-4813 | | | | glibc: potential | | | | | | | use-after-free in gaih_inet() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4813 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | login | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04.1 | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-29383 | | | | shadow: Improper input validation | | | | | | | in shadow-utils package utility chfn | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29383 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-4641 | | | 1:4.8.1-1ubuntu5.20.04.5 | shadow-utils: possible password | | | | | | | leak during passwd(1) change | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4641 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | logsave | CVE-2022-1304 | MEDIUM | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 | e2fsprogs: out-of-bounds | | | | | | | read/write via crafted filesystem | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1304 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | mount | CVE-2021-3995 | | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | ncurses-base | CVE-2023-29491 | | 6.2-0ubuntu2 | 6.2-0ubuntu2.1 | ncurses: Local users can | | | | | | | trigger security-relevant memory | | | | | | | corruption via malformed data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29491 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-39537 | LOW | | | ncurses: heap-based buffer overflow | | | | | | | in _nc_captoinfo() in captoinfo.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-29458 | | | | ncurses: segfaulting OOB read | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-45918 | | | | ncurses 6.4-20230610 has | | | | | | | a NULL pointer dereference | | | | | | | in tgetstr in tinf ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45918 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-50495 | | | | ncurses: segmentation | | | | | | | fault via _nc_wrap_entry() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-50495 | +----------------------+------------------+----------+ +----------------------------+---------------------------------------+ | ncurses-bin | CVE-2023-29491 | MEDIUM | | 6.2-0ubuntu2.1 | ncurses: Local users can | | | | | | | trigger security-relevant memory | | | | | | | corruption via malformed data | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29491 | + +------------------+----------+ + +---------------------------------------+ | | CVE-2021-39537 | LOW | | | ncurses: heap-based buffer overflow | | | | | | | in _nc_captoinfo() in captoinfo.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-29458 | | | | ncurses: segfaulting OOB read | | | | | | | -->avd.aquasec.com/nvd/cve-2022-29458 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-45918 | | | | ncurses 6.4-20230610 has | | | | | | | a NULL pointer dereference | | | | | | | in tgetstr in tinf ...... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45918 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-50495 | | | | ncurses: segmentation | | | | | | | fault via _nc_wrap_entry() | | | | | | | -->avd.aquasec.com/nvd/cve-2023-50495 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | openssl | CVE-2022-0778 | HIGH | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.12 | openssl: Infinite loop in | | | | | | | BN_mod_sqrt() reachable | | | | | | | when parsing certificates | | | | | | | -->avd.aquasec.com/nvd/cve-2022-0778 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-0286 | | | 1.1.1f-1ubuntu2.17 | openssl: X.400 address type | | | | | | | confusion in X.509 GeneralName | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0286 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2022-1292 | MEDIUM | | 1.1.1f-1ubuntu2.13 | openssl: c_rehash script | | | | | | | allows command injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1292 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-2068 | | | 1.1.1f-1ubuntu2.15 | openssl: the c_rehash script | | | | | | | allows command injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2068 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-2097 | | | 1.1.1f-1ubuntu2.16 | openssl: AES OCB fails | | | | | | | to encrypt some bytes | | | | | | | -->avd.aquasec.com/nvd/cve-2022-2097 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-4304 | | | 1.1.1f-1ubuntu2.17 | openssl: timing attack in | | | | | | | RSA Decryption implementation | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4304 | + +------------------+ + + +---------------------------------------+ | | CVE-2022-4450 | | | | openssl: double free after | | | | | | | calling PEM_read_bio_ex | | | | | | | -->avd.aquasec.com/nvd/cve-2022-4450 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0215 | | | | openssl: use-after-free | | | | | | | following BIO_new_NDEF | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0215 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-2650 | | | 1.1.1f-1ubuntu2.19 | openssl: Possible DoS translating | | | | | | | ASN.1 object identifiers | | | | | | | -->avd.aquasec.com/nvd/cve-2023-2650 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2023-0464 | LOW | | 1.1.1f-1ubuntu2.18 | openssl: Denial of service | | | | | | | by excessive resource usage | | | | | | | in verifying X509 policy... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0464 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0465 | | | | openssl: Invalid certificate | | | | | | | policies in leaf certificates | | | | | | | are silently ignored | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0465 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-0466 | | | | openssl: Certificate | | | | | | | policy check not enabled | | | | | | | -->avd.aquasec.com/nvd/cve-2023-0466 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-3446 | | | 1.1.1f-1ubuntu2.20 | openssl: Excessive time spent | | | | | | | checking DH keys and parameters | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3446 | + +------------------+ + + +---------------------------------------+ | | CVE-2023-3817 | | | | OpenSSL: Excessive time spent | | | | | | | checking DH q parameter value | | | | | | | -->avd.aquasec.com/nvd/cve-2023-3817 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-5678 | | | 1.1.1f-1ubuntu2.21 | openssl: Generating excessively | | | | | | | long X9.42 DH keys or checking | | | | | | | excessively long X9.42... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5678 | + +------------------+ + + +---------------------------------------+ | | CVE-2024-0727 | | | | openssl: denial of service | | | | | | | via null dereference | | | | | | | -->avd.aquasec.com/nvd/cve-2024-0727 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | passwd | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04.1 | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-29383 | | | | shadow: Improper input validation | | | | | | | in shadow-utils package utility chfn | | | | | | | -->avd.aquasec.com/nvd/cve-2023-29383 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-4641 | | | 1:4.8.1-1ubuntu5.20.04.5 | shadow-utils: possible password | | | | | | | leak during passwd(1) change | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4641 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | 5.30.0-9ubuntu0.3 | perl-CPAN: Bypass of verification | | | | | | | of signatures in CHECKSUMS files | | | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-31484 | | | 5.30.0-9ubuntu0.4 | perl: CPAN.pm does not verify | | | | | | | TLS certificates when downloading | | | | | | | distributions over HTTPS... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-31484 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-47038 | | | 5.30.0-9ubuntu0.5 | perl: Write past buffer end via | | | | | | | illegal user-defined Unicode property | | | | | | | -->avd.aquasec.com/nvd/cve-2023-47038 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | procps | CVE-2023-4016 | LOW | 2:3.3.16-1ubuntu2.3 | 2:3.3.16-1ubuntu2.4 | procps: ps buffer overflow | | | | | | | -->avd.aquasec.com/nvd/cve-2023-4016 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | tar | CVE-2022-48303 | MEDIUM | 1.30+dfsg-7ubuntu0.20.04.1 | 1.30+dfsg-7ubuntu0.20.04.3 | tar: heap buffer overflow at | | | | | | | from_header() in list.c via | | | | | | | specially crafted checksum... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-48303 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2023-39804 | | | 1.30+dfsg-7ubuntu0.20.04.4 | tar: Incorrectly handled | | | | | | | extension attributes in PAX | | | | | | | archives can lead to a... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-39804 | + +------------------+----------+ +----------------------------+---------------------------------------+ | | CVE-2021-20193 | LOW | | 1.30+dfsg-7ubuntu0.20.04.2 | tar: Memory leak in | | | | | | | read_header() in list.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ | util-linux | CVE-2021-3995 | MEDIUM | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 | util-linux: Unauthorized unmount | | | | | | | of FUSE filesystems belonging | | | | | | | to users with similar uid... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3995 | + +------------------+ + + +---------------------------------------+ | | CVE-2021-3996 | | | | util-linux: Unauthorized unmount | | | | | | | of filesystems in libmount | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3996 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2024-28085 | | | 2.34-0.1ubuntu9.5 | util-linux: CVE-2024-28085: | | | | | | | wall: escape sequence injection | | | | | | | -->avd.aquasec.com/nvd/cve-2024-28085 | +----------------------+------------------+ +----------------------------+----------------------------+---------------------------------------+ | zlib1g | CVE-2018-25032 | | 1:1.2.11.dfsg-2ubuntu1.2 | 1:1.2.11.dfsg-2ubuntu1.3 | zlib: A flaw found in | | | | | | | zlib when compressing (not | | | | | | | decompressing) certain inputs... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-25032 | + +------------------+ + +----------------------------+---------------------------------------+ | | CVE-2022-37434 | | | 1:1.2.11.dfsg-2ubuntu1.5 | zlib: heap-based buffer | | | | | | | over-read and overflow in | | | | | | | inflate() in inflate.c via a... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-37434 | +----------------------+------------------+----------+----------------------------+----------------------------+---------------------------------------+ Java (jar) ========== Total: 48 (UNKNOWN: 0, LOW: 0, MEDIUM: 20, HIGH: 23, CRITICAL: 5) +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | ch.qos.logback:logback-classic | CVE-2023-6378 | HIGH | 1.2.5 | 1.3.12, 1.4.12, 1.2.13 | logback: serialization | | | | | | | vulnerability in logback receiver | | | | | | | -->avd.aquasec.com/nvd/cve-2023-6378 | +-------------------------------------------------------------+ + + + + + | ch.qos.logback:logback-core | | | | | | | | | | | | | | | | | | | | + +------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | | CVE-2021-42550 | MEDIUM | | 1.2.9 | logback: remote code execution | | | | | | | through JNDI call from within | | | | | | | its configuration file... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-42550 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | com.fasterxml.jackson.core:jackson-databind | CVE-2020-36518 | HIGH | 2.12.4 | 2.13.2.1, 2.12.6.1 | jackson-databind: denial of service | | | | | | | via a large depth of nested objects | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36518 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2021-46877 | | | 2.12.6, 2.13.1 | jackson-databind: Possible | | | | | | | DoS if using JDK serialization | | | | | | | to serialize JsonNode | | | | | | | -->avd.aquasec.com/nvd/cve-2021-46877 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-42003 | | | 2.12.7.1, 2.13.4.2 | jackson-databind: deep | | | | | | | wrapper array nesting wrt | | | | | | | UNWRAP_SINGLE_VALUE_ARRAYS | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42003 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-42004 | | | 2.12.7.1, 2.13.4 | jackson-databind: use | | | | | | | of deeply nested arrays | | | | | | | -->avd.aquasec.com/nvd/cve-2022-42004 | +-------------------------------------------------------------+------------------+ +-------------------+--------------------------------+----------------------------------------------------------------+ | io.netty:netty-codec | CVE-2021-37136 | | 4.1.67.Final | 4.1.68.Final | netty-codec: Bzip2Decoder | | | | | | | doesn't allow setting size | | | | | | | restrictions for decompressed data | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37136 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2021-37137 | | | | netty-codec: SnappyFrameDecoder | | | | | | | doesn't restrict chunk length and | | | | | | | may buffer skippable chunks in... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-37137 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | io.netty:netty-handler | CVE-2023-34462 | MEDIUM | | 4.1.94.Final | netty: SniHandler 16MB | | | | | | | allocation leads to OOM | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34462 | +-------------------------------------------------------------+------------------+ +-------------------+--------------------------------+----------------------------------------------------------------+ | mysql:mysql-connector-java | CVE-2021-2471 | | 8.0.26 | 8.0.27 | mysql-connector-java: | | | | | | | unauthorized access to critical | | | | | | | -->avd.aquasec.com/nvd/cve-2021-2471 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-21363 | | | 8.0.28 | mysql-connector-java: Difficult | | | | | | | to exploit vulnerability | | | | | | | allows high privileged | | | | | | | attacker with network access... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-21363 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | org.apache.tomcat.embed:tomcat-embed-core | CVE-2022-42252 | HIGH | 9.0.52 | 8.5.83, 9.0.68, 10.0.27, | tomcat: request smuggling | | | | | | 10.1.1 | -->avd.aquasec.com/nvd/cve-2022-42252 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-45143 | | | 8.5.84, 9.0.69, 10.1.2 | tomcat: JsonErrorReportValve | | | | | | | injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45143 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-24998 | | | 10.1.5, 11.0.0-M5, 8.5.88, | Apache Commons FileUpload: | | | | | | 9.0.71 | FileUpload DoS with excessive parts | | | | | | | -->avd.aquasec.com/nvd/cve-2023-24998 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-46589 | | | 11.0.0-M11, 10.1.16, 9.0.83, | tomcat: HTTP request smuggling | | | | | | 8.5.96 | via malformed trailer headers | | | | | | | -->avd.aquasec.com/nvd/cve-2023-46589 | + +------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-41080 | MEDIUM | | 8.5.93, 9.0.80, 10.1.13, | tomcat: Open Redirect vulnerability | | | | | | 11.0.0-M11 | in FORM authentication | | | | | | | -->avd.aquasec.com/nvd/cve-2023-41080 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-42795 | | | 11.0.0-M12, 10.1.14, 9.0.81, | tomcat: improper cleaning | | | | | | 8.5.94 | of recycled objects could | | | | | | | lead to information leak | | | | | | | -->avd.aquasec.com/nvd/cve-2023-42795 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2023-44487 | | | | HTTP/2: Multiple HTTP/2 | | | | | | | enabled web servers are | | | | | | | vulnerable to a DDoS attack... | | | | | | | -->avd.aquasec.com/nvd/cve-2023-44487 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2023-45648 | | | | tomcat: incorrectly parsed | | | | | | | http trailer headers can | | | | | | | cause request smuggling | | | | | | | -->avd.aquasec.com/nvd/cve-2023-45648 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2024-24549 | | | 8.5.99, 9.0.86, 10.1.19, | : Apache Tomcat: HTTP/2 | | | | | | 11.0.0-M17 | header handling DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2024-24549 | +-------------------------------------------------------------+------------------+ + +--------------------------------+----------------------------------------------------------------+ | org.apache.tomcat.embed:tomcat-embed-websocket | CVE-2024-23672 | | | 11.0.0-M17, 10.1.19, 9.0.86, | Apache Tomcat: WebSocket DoS | | | | | | 8.5.99 | with incomplete closing handshake | | | | | | | -->avd.aquasec.com/nvd/cve-2024-23672 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | org.json:json | CVE-2022-45688 | HIGH | 20201115 | 20230227 | json stack overflow vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2022-45688 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-5072 | | | 20231013 | JSON-java: parser | | | | | | | confusion leads to OOM | | | | | | | -->avd.aquasec.com/nvd/cve-2023-5072 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | org.springframework.boot:spring-boot | CVE-2023-34055 | MEDIUM | 2.5.4 | 2.7.18, 3.0.13, 3.1.6 | spring-boot: | | | | | | | org.springframework.boot:spring-boot-actuator | | | | | | | class vulnerable to denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2023-34055 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework.boot:spring-boot-actuator-autoconfigure | CVE-2023-20873 | CRITICAL | | 3.0.6, 2.7.11 | spring-boot: Security | | | | | | | Bypass With Wildcard Pattern | | | | | | | Matching on Cloud Foundry | | | | | | | -->avd.aquasec.com/nvd/cve-2023-20873 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework.boot:spring-boot-autoconfigure | CVE-2023-20883 | HIGH | | 3.0.7, 2.7.12, 2.6.15, 2.5.15 | spring-boot: Spring Boot | | | | | | | Welcome Page DoS Vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2023-20883 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | org.springframework.data:spring-data-mongodb | CVE-2022-22980 | CRITICAL | 3.2.4 | 3.4.1, 3.3.5 | Spring Data MongoDB: SpEL in | | | | | | | query methods allow code injection | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22980 | +-------------------------------------------------------------+------------------+ +-------------------+--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-beans | CVE-2022-22965 | | 5.3.9 | 5.2.20.RELEASE, 5.3.18 | spring-framework: RCE via | | | | | | | Data Binding on JDK 9+ | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22965 | + +------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-22970 | HIGH | | 5.2.22.RELEASE, 5.3.20 | springframework: DoS via data binding | | | | | | | to multipartFile or servlet part | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22970 | +-------------------------------------------------------------+------------------+ + +--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-context | CVE-2022-22968 | | | 5.3.19, 5.2.21 | Spring Framework: Data | | | | | | | Binding Rules Vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22968 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-core | CVE-2021-22060 | MEDIUM | | 5.3.14, 5.2.19 | springframework: Additional Log | | | | | | | Injection in Spring Framework | | | | | | | (follow-up to CVE-2021-22096) | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22060 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2021-22096 | | | 5.3.11, 5.2.18 | springframework: malicious | | | | | | | input leads to insertion | | | | | | | of additional log entries | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22096 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-expression | CVE-2023-20863 | HIGH | | 6.0.8, 5.3.27, 5.2.24.RELEASE | springframework: Spring | | | | | | | Expression DoS Vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2023-20863 | + +------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-22950 | MEDIUM | | 5.3.17, 5.2.20.RELEASE | spring-expression: Denial of service | | | | | | | via specially crafted SpEL expression | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22950 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2023-20861 | | | 6.0.7, 5.3.26, 5.2.23.RELEASE | springframework: Spring | | | | | | | Expression DoS Vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2023-20861 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-web | CVE-2016-1000027 | CRITICAL | | 6.0.0 | spring: HttpInvokerServiceExporter | | | | | | | readRemoteInvocation method | | | | | | | untrusted java deserialization | | | | | | | -->avd.aquasec.com/nvd/cve-2016-1000027 | + +------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | | CVE-2024-22243 | HIGH | | 6.1.4, 6.0.17, 5.3.32 | springframework: URL | | | | | | | Parsing with Host Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22243 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2024-22259 | | | 6.1.5, 6.0.18, 5.3.33 | springframework: URL | | | | | | | Parsing with Host Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22259 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2024-22262 | | | 5.3.34, 6.0.19, 6.1.6 | springframework: URL | | | | | | | Parsing with Host Validation | | | | | | | -->avd.aquasec.com/nvd/cve-2024-22262 | +-------------------------------------------------------------+------------------+----------+ +--------------------------------+----------------------------------------------------------------+ | org.springframework:spring-webmvc | CVE-2022-22965 | CRITICAL | | 5.2.20.RELEASE, 5.3.18 | spring-framework: RCE via | | | | | | | Data Binding on JDK 9+ | | | | | | | -->avd.aquasec.com/nvd/cve-2022-22965 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+ | org.yaml:snakeyaml | CVE-2022-1471 | HIGH | 1.28 | 2.0 | SnakeYaml: Constructor | | | | | | | Deserialization | | | | | | | Remote Code Execution | | | | | | | -->avd.aquasec.com/nvd/cve-2022-1471 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-25857 | | | 1.31 | snakeyaml: Denial of Service | | | | | | | due to missing nested depth | | | | | | | limitation for collections... | | | | | | | -->avd.aquasec.com/nvd/cve-2022-25857 | + +------------------+----------+ + +----------------------------------------------------------------+ | | CVE-2022-38749 | MEDIUM | | | snakeyaml: Uncaught exception in | | | | | | | org.yaml.snakeyaml.composer.Composer.composeSequenceNode | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38749 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2022-38750 | | | | snakeyaml: Uncaught exception in | | | | | | | org.yaml.snakeyaml.constructor.BaseConstructor.constructObject | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38750 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2022-38751 | | | | snakeyaml: Uncaught exception in | | | | | | | java.base/java.util.regex.Pattern$Ques.match | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38751 | + +------------------+ + +--------------------------------+----------------------------------------------------------------+ | | CVE-2022-38752 | | | 1.32 | snakeyaml: Uncaught exception in | | | | | | | java.base/java.util.ArrayList.hashCode | | | | | | | -->avd.aquasec.com/nvd/cve-2022-38752 | + +------------------+ + + +----------------------------------------------------------------+ | | CVE-2022-41854 | | | | dev-java/snakeyaml: | | | | | | | DoS via stack overflow | | | | | | | -->avd.aquasec.com/nvd/cve-2022-41854 | +-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+